CVSS: 5.3EPSS: 0%CPEs: 42EXPL: 0CVE-2018-18689
https://notcve.org/view.php?id=CVE-2018-18689
07 Jan 2021 — The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Arch... • https://pdf-insecurity.org/signature/evaluation_2018.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6462
https://notcve.org/view.php?id=CVE-2018-6462
31 Jan 2018 — Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document. Tracker PDF-XChange Viewer y Viewer AX SDK, en versiones anteriores a la 2.5.322.8, gestiona de manera incorrecta la conversión de espacios de color de YCC a RGB calculando en base de 1bpc en lugar de en 8bpc. Esto podría permitir que atacantes remotos ej... • https://herolab.usd.de/wp-content/uploads/sites/4/2018/07/usd20180019.txt • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 3CVE-2017-13056 – PDF-XChange Viewer 2.5 Build 314.0 - Code Execution
https://notcve.org/view.php?id=CVE-2017-13056
24 Aug 2017 — The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file. La función launchURL en PDF-XChange Viewer 2.5 (Build 314.0) podría permitir que atacantes remotos ejecuten código arbitrario mediante un archivo PDF manipulado. PDF-XChange Viewer version 2.5 (Build 314.0) suffers from a javascript API remote code execution vulnerability. • https://packetstorm.news/files/id/143912 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 7%CPEs: 1EXPL: 0CVE-2013-0729
https://notcve.org/view.php?id=CVE-2013-0729
02 Apr 2014 — Heap-based buffer overflow in Tracker Software PDF-XChange before 2.5.208 allows remote attackers to execute arbitrary code via a crafted Define Huffman Table header in a JPEG image file stream in a PDF file. Desbordamiento de buffer basado en memoria dinámica en Tracker Software PDF-XChange anterior a 2.5.208 permite a atacantes remotos ejecutar código arbitrario a través de una cabecera Define Huffman Table manipulada en un flujo de archivo de imagen JPEG en un archivo PDF. • http://osvdb.org/89442 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •