CVE-2018-18688
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader.
La especificación Portable Document Format (PDF) no proporciona ninguna información sobre el procedimiento concreto de cómo comprobar las firmas. En consecuencia, se presenta una vulnerabilidad de Ahorro Incremental en varios productos. Cuando un atacante usa la función Ahorro Incremental para agregar páginas o anotaciones, las actualizaciones del cuerpo se muestran al usuario sin que la lógica de comprobación de firmas realice ninguna acción. Esto afecta a Foxit Reader versiones anteriores a 9.4 y PhantomPDF versiones anteriores a 8.3.9 y versiones 9.x anteriores a 9.4. También afecta a LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium y Perfect PDF Reader
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-10-26 CVE Reserved
- 2021-01-07 CVE Published
- 2023-09-23 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-347: Improper Verification of Cryptographic Signature
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://pdf-insecurity.org/signature/evaluation_2018.html | Third Party Advisory | |
| https://pdf-insecurity.org/signature/signature.html | Third Party Advisory | |
| https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.foxitsoftware.com/support/security-bulletins.php | 2021-01-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Code-industry Search vendor "Code-industry" | Master Pdf Editor Search vendor "Code-industry" for product "Master Pdf Editor" | 5.1.12 Search vendor "Code-industry" for product "Master Pdf Editor" and version "5.1.12" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Code-industry Search vendor "Code-industry" | Master Pdf Editor Search vendor "Code-industry" for product "Master Pdf Editor" | 5.1.68 Search vendor "Code-industry" for product "Master Pdf Editor" and version "5.1.68" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | 9.4 Search vendor "Foxitsoftware" for product "Foxit Reader" and version "9.4" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Foxitsoftware Search vendor "Foxitsoftware" | Phantompdf Search vendor "Foxitsoftware" for product "Phantompdf" | >= 9.0 < 9.4 Search vendor "Foxitsoftware" for product "Phantompdf" and version " >= 9.0 < 9.4" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Foxitsoftware Search vendor "Foxitsoftware" | Phantompdf Search vendor "Foxitsoftware" for product "Phantompdf" | 8.3.9 Search vendor "Foxitsoftware" for product "Phantompdf" and version "8.3.9" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Gonitro Search vendor "Gonitro" | Nitro Pro Search vendor "Gonitro" for product "Nitro Pro" | 11.0.3.173 Search vendor "Gonitro" for product "Nitro Pro" and version "11.0.3.173" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Gonitro Search vendor "Gonitro" | Nitro Reader Search vendor "Gonitro" for product "Nitro Reader" | 5.5.9.2 Search vendor "Gonitro" for product "Nitro Reader" and version "5.5.9.2" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Iskysoft Search vendor "Iskysoft" | Pdf Editor 6 Search vendor "Iskysoft" for product "Pdf Editor 6" | 6.4.2.3521 Search vendor "Iskysoft" for product "Pdf Editor 6" and version "6.4.2.3521" | professional |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Iskysoft Search vendor "Iskysoft" | Pdfelement6 Search vendor "Iskysoft" for product "Pdfelement6" | 6.8.0.3523 Search vendor "Iskysoft" for product "Pdfelement6" and version "6.8.0.3523" | professional |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Iskysoft Search vendor "Iskysoft" | Pdfelement6 Search vendor "Iskysoft" for product "Pdfelement6" | 6.8.4.3921 Search vendor "Iskysoft" for product "Pdfelement6" and version "6.8.4.3921" | professional |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Libreoffice Search vendor "Libreoffice" | Libreoffice Search vendor "Libreoffice" for product "Libreoffice" | 6.0.6.2 Search vendor "Libreoffice" for product "Libreoffice" and version "6.0.6.2" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Libreoffice Search vendor "Libreoffice" | Libreoffice Search vendor "Libreoffice" for product "Libreoffice" | 6.1.3.2 Search vendor "Libreoffice" for product "Libreoffice" and version "6.1.3.2" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Nuance Search vendor "Nuance" | Power Pdf Standard Search vendor "Nuance" for product "Power Pdf Standard" | 3.0.0.17 Search vendor "Nuance" for product "Power Pdf Standard" and version "3.0.0.17" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Nuance Search vendor "Nuance" | Power Pdf Standard Search vendor "Nuance" for product "Power Pdf Standard" | 3.0.0.30 Search vendor "Nuance" for product "Power Pdf Standard" and version "3.0.0.30" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Nuance Search vendor "Nuance" | Power Pdf Standard Search vendor "Nuance" for product "Power Pdf Standard" | 7.0 Search vendor "Nuance" for product "Power Pdf Standard" and version "7.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Qoppa Search vendor "Qoppa" | Pdf Studio Search vendor "Qoppa" for product "Pdf Studio" | 12.0.7 Search vendor "Qoppa" for product "Pdf Studio" and version "12.0.7" | professional |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Qoppa Search vendor "Qoppa" | Pdf Studio Viewer 2018 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" | 2018.0.1 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" and version "2018.0.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Qoppa Search vendor "Qoppa" | Pdf Studio Viewer 2018 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" | 2018.2.0 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" and version "2018.2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Soft-xpansion Search vendor "Soft-xpansion" | Perfect Pdf 10 Search vendor "Soft-xpansion" for product "Perfect Pdf 10" | 10.0.0.1 Search vendor "Soft-xpansion" for product "Perfect Pdf 10" and version "10.0.0.1" | premium |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Soft-xpansion Search vendor "Soft-xpansion" | Perfect Pdf Reader Search vendor "Soft-xpansion" for product "Perfect Pdf Reader" | 13.0.3 Search vendor "Soft-xpansion" for product "Perfect Pdf Reader" and version "13.0.3" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Soft-xpansion Search vendor "Soft-xpansion" | Perfect Pdf Reader Search vendor "Soft-xpansion" for product "Perfect Pdf Reader" | 13.1.5 Search vendor "Soft-xpansion" for product "Perfect Pdf Reader" and version "13.1.5" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Code-industry Search vendor "Code-industry" | Master Pdf Editor Search vendor "Code-industry" for product "Master Pdf Editor" | 5.1.12 Search vendor "Code-industry" for product "Master Pdf Editor" and version "5.1.12" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Code-industry Search vendor "Code-industry" | Master Pdf Editor Search vendor "Code-industry" for product "Master Pdf Editor" | 5.1.68 Search vendor "Code-industry" for product "Master Pdf Editor" and version "5.1.68" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | 9.1.0 Search vendor "Foxitsoftware" for product "Foxit Reader" and version "9.1.0" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | 9.2.0 Search vendor "Foxitsoftware" for product "Foxit Reader" and version "9.2.0" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Libreoffice Search vendor "Libreoffice" | Libreoffice Search vendor "Libreoffice" for product "Libreoffice" | 6.0.6.2 Search vendor "Libreoffice" for product "Libreoffice" and version "6.0.6.2" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Libreoffice Search vendor "Libreoffice" | Libreoffice Search vendor "Libreoffice" for product "Libreoffice" | 6.1.3.2 Search vendor "Libreoffice" for product "Libreoffice" and version "6.1.3.2" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Qoppa Search vendor "Qoppa" | Pdf Studio Search vendor "Qoppa" for product "Pdf Studio" | 12.0.7 Search vendor "Qoppa" for product "Pdf Studio" and version "12.0.7" | professional |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Qoppa Search vendor "Qoppa" | Pdf Studio Viewer 2018 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" | 2018.0.1 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" and version "2018.0.1" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Qoppa Search vendor "Qoppa" | Pdf Studio Viewer 2018 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" | 2018.2.0 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" and version "2018.2.0" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Code-industry Search vendor "Code-industry" | Master Pdf Editor Search vendor "Code-industry" for product "Master Pdf Editor" | 5.1.24 Search vendor "Code-industry" for product "Master Pdf Editor" and version "5.1.24" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Code-industry Search vendor "Code-industry" | Master Pdf Editor Search vendor "Code-industry" for product "Master Pdf Editor" | 5.1.68 Search vendor "Code-industry" for product "Master Pdf Editor" and version "5.1.68" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | 9.1.0 Search vendor "Foxitsoftware" for product "Foxit Reader" and version "9.1.0" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | 9.2.0 Search vendor "Foxitsoftware" for product "Foxit Reader" and version "9.2.0" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Iskysoft Search vendor "Iskysoft" | Pdf Editor 6 Search vendor "Iskysoft" for product "Pdf Editor 6" | 6.6.2.3315 Search vendor "Iskysoft" for product "Pdf Editor 6" and version "6.6.2.3315" | professional |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Iskysoft Search vendor "Iskysoft" | Pdf Editor 6 Search vendor "Iskysoft" for product "Pdf Editor 6" | 6.7.6.3399 Search vendor "Iskysoft" for product "Pdf Editor 6" and version "6.7.6.3399" | professional |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Iskysoft Search vendor "Iskysoft" | Pdfelement6 Search vendor "Iskysoft" for product "Pdfelement6" | 6.7.1.3355 Search vendor "Iskysoft" for product "Pdfelement6" and version "6.7.1.3355" | professional |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Iskysoft Search vendor "Iskysoft" | Pdfelement6 Search vendor "Iskysoft" for product "Pdfelement6" | 6.7.6.3399 Search vendor "Iskysoft" for product "Pdfelement6" and version "6.7.6.3399" | professional |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Libreoffice Search vendor "Libreoffice" | Libreoffice Search vendor "Libreoffice" for product "Libreoffice" | 6.1.0.3 Search vendor "Libreoffice" for product "Libreoffice" and version "6.1.0.3" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Libreoffice Search vendor "Libreoffice" | Libreoffice Search vendor "Libreoffice" for product "Libreoffice" | 6.1.3.2 Search vendor "Libreoffice" for product "Libreoffice" and version "6.1.3.2" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Qoppa Search vendor "Qoppa" | Pdf Studio Search vendor "Qoppa" for product "Pdf Studio" | 12.0.7 Search vendor "Qoppa" for product "Pdf Studio" and version "12.0.7" | professional |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Qoppa Search vendor "Qoppa" | Pdf Studio Viewer 2018 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" | 2018.0.1 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" and version "2018.0.1" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Qoppa Search vendor "Qoppa" | Pdf Studio Viewer 2018 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" | 2018.2.0 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" and version "2018.2.0" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|