// For flags

CVE-2018-18688

 

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader.

La especificación Portable Document Format (PDF) no proporciona ninguna información sobre el procedimiento concreto de cómo comprobar las firmas. En consecuencia, se presenta una vulnerabilidad de Ahorro Incremental en varios productos. Cuando un atacante usa la función Ahorro Incremental para agregar páginas o anotaciones, las actualizaciones del cuerpo se muestran al usuario sin que la lógica de comprobación de firmas realice ninguna acción. Esto afecta a Foxit Reader versiones anteriores a 9.4 y PhantomPDF versiones anteriores a 8.3.9 y versiones 9.x anteriores a 9.4. También afecta a LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium y Perfect PDF Reader

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-10-26 CVE Reserved
  • 2021-01-07 CVE Published
  • 2023-09-23 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-347: Improper Verification of Cryptographic Signature
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Code-industry
Search vendor "Code-industry"
Master Pdf Editor
Search vendor "Code-industry" for product "Master Pdf Editor"
5.1.12
Search vendor "Code-industry" for product "Master Pdf Editor" and version "5.1.12"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Code-industry
Search vendor "Code-industry"
Master Pdf Editor
Search vendor "Code-industry" for product "Master Pdf Editor"
5.1.68
Search vendor "Code-industry" for product "Master Pdf Editor" and version "5.1.68"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Foxitsoftware
Search vendor "Foxitsoftware"
Foxit Reader
Search vendor "Foxitsoftware" for product "Foxit Reader"
9.4
Search vendor "Foxitsoftware" for product "Foxit Reader" and version "9.4"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Foxitsoftware
Search vendor "Foxitsoftware"
Phantompdf
Search vendor "Foxitsoftware" for product "Phantompdf"
>= 9.0 < 9.4
Search vendor "Foxitsoftware" for product "Phantompdf" and version " >= 9.0 < 9.4"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Foxitsoftware
Search vendor "Foxitsoftware"
Phantompdf
Search vendor "Foxitsoftware" for product "Phantompdf"
8.3.9
Search vendor "Foxitsoftware" for product "Phantompdf" and version "8.3.9"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Gonitro
Search vendor "Gonitro"
Nitro Pro
Search vendor "Gonitro" for product "Nitro Pro"
11.0.3.173
Search vendor "Gonitro" for product "Nitro Pro" and version "11.0.3.173"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Gonitro
Search vendor "Gonitro"
Nitro Reader
Search vendor "Gonitro" for product "Nitro Reader"
5.5.9.2
Search vendor "Gonitro" for product "Nitro Reader" and version "5.5.9.2"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Iskysoft
Search vendor "Iskysoft"
Pdf Editor 6
Search vendor "Iskysoft" for product "Pdf Editor 6"
6.4.2.3521
Search vendor "Iskysoft" for product "Pdf Editor 6" and version "6.4.2.3521"
professional
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Iskysoft
Search vendor "Iskysoft"
Pdfelement6
Search vendor "Iskysoft" for product "Pdfelement6"
6.8.0.3523
Search vendor "Iskysoft" for product "Pdfelement6" and version "6.8.0.3523"
professional
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Iskysoft
Search vendor "Iskysoft"
Pdfelement6
Search vendor "Iskysoft" for product "Pdfelement6"
6.8.4.3921
Search vendor "Iskysoft" for product "Pdfelement6" and version "6.8.4.3921"
professional
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Libreoffice
Search vendor "Libreoffice"
Libreoffice
Search vendor "Libreoffice" for product "Libreoffice"
6.0.6.2
Search vendor "Libreoffice" for product "Libreoffice" and version "6.0.6.2"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Libreoffice
Search vendor "Libreoffice"
Libreoffice
Search vendor "Libreoffice" for product "Libreoffice"
6.1.3.2
Search vendor "Libreoffice" for product "Libreoffice" and version "6.1.3.2"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Nuance
Search vendor "Nuance"
Power Pdf Standard
Search vendor "Nuance" for product "Power Pdf Standard"
3.0.0.17
Search vendor "Nuance" for product "Power Pdf Standard" and version "3.0.0.17"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Nuance
Search vendor "Nuance"
Power Pdf Standard
Search vendor "Nuance" for product "Power Pdf Standard"
3.0.0.30
Search vendor "Nuance" for product "Power Pdf Standard" and version "3.0.0.30"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Nuance
Search vendor "Nuance"
Power Pdf Standard
Search vendor "Nuance" for product "Power Pdf Standard"
7.0
Search vendor "Nuance" for product "Power Pdf Standard" and version "7.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Qoppa
Search vendor "Qoppa"
Pdf Studio
Search vendor "Qoppa" for product "Pdf Studio"
12.0.7
Search vendor "Qoppa" for product "Pdf Studio" and version "12.0.7"
professional
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Qoppa
Search vendor "Qoppa"
Pdf Studio Viewer 2018
Search vendor "Qoppa" for product "Pdf Studio Viewer 2018"
2018.0.1
Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" and version "2018.0.1"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Qoppa
Search vendor "Qoppa"
Pdf Studio Viewer 2018
Search vendor "Qoppa" for product "Pdf Studio Viewer 2018"
2018.2.0
Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" and version "2018.2.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Soft-xpansion
Search vendor "Soft-xpansion"
Perfect Pdf 10
Search vendor "Soft-xpansion" for product "Perfect Pdf 10"
10.0.0.1
Search vendor "Soft-xpansion" for product "Perfect Pdf 10" and version "10.0.0.1"
premium
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Soft-xpansion
Search vendor "Soft-xpansion"
Perfect Pdf Reader
Search vendor "Soft-xpansion" for product "Perfect Pdf Reader"
13.0.3
Search vendor "Soft-xpansion" for product "Perfect Pdf Reader" and version "13.0.3"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Soft-xpansion
Search vendor "Soft-xpansion"
Perfect Pdf Reader
Search vendor "Soft-xpansion" for product "Perfect Pdf Reader"
13.1.5
Search vendor "Soft-xpansion" for product "Perfect Pdf Reader" and version "13.1.5"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Code-industry
Search vendor "Code-industry"
Master Pdf Editor
Search vendor "Code-industry" for product "Master Pdf Editor"
5.1.12
Search vendor "Code-industry" for product "Master Pdf Editor" and version "5.1.12"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Code-industry
Search vendor "Code-industry"
Master Pdf Editor
Search vendor "Code-industry" for product "Master Pdf Editor"
5.1.68
Search vendor "Code-industry" for product "Master Pdf Editor" and version "5.1.68"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Foxitsoftware
Search vendor "Foxitsoftware"
Foxit Reader
Search vendor "Foxitsoftware" for product "Foxit Reader"
9.1.0
Search vendor "Foxitsoftware" for product "Foxit Reader" and version "9.1.0"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Foxitsoftware
Search vendor "Foxitsoftware"
Foxit Reader
Search vendor "Foxitsoftware" for product "Foxit Reader"
9.2.0
Search vendor "Foxitsoftware" for product "Foxit Reader" and version "9.2.0"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Libreoffice
Search vendor "Libreoffice"
Libreoffice
Search vendor "Libreoffice" for product "Libreoffice"
6.0.6.2
Search vendor "Libreoffice" for product "Libreoffice" and version "6.0.6.2"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Libreoffice
Search vendor "Libreoffice"
Libreoffice
Search vendor "Libreoffice" for product "Libreoffice"
6.1.3.2
Search vendor "Libreoffice" for product "Libreoffice" and version "6.1.3.2"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Qoppa
Search vendor "Qoppa"
Pdf Studio
Search vendor "Qoppa" for product "Pdf Studio"
12.0.7
Search vendor "Qoppa" for product "Pdf Studio" and version "12.0.7"
professional
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Qoppa
Search vendor "Qoppa"
Pdf Studio Viewer 2018
Search vendor "Qoppa" for product "Pdf Studio Viewer 2018"
2018.0.1
Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" and version "2018.0.1"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Qoppa
Search vendor "Qoppa"
Pdf Studio Viewer 2018
Search vendor "Qoppa" for product "Pdf Studio Viewer 2018"
2018.2.0
Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" and version "2018.2.0"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Code-industry
Search vendor "Code-industry"
Master Pdf Editor
Search vendor "Code-industry" for product "Master Pdf Editor"
5.1.24
Search vendor "Code-industry" for product "Master Pdf Editor" and version "5.1.24"
-
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Code-industry
Search vendor "Code-industry"
Master Pdf Editor
Search vendor "Code-industry" for product "Master Pdf Editor"
5.1.68
Search vendor "Code-industry" for product "Master Pdf Editor" and version "5.1.68"
-
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Foxitsoftware
Search vendor "Foxitsoftware"
Foxit Reader
Search vendor "Foxitsoftware" for product "Foxit Reader"
9.1.0
Search vendor "Foxitsoftware" for product "Foxit Reader" and version "9.1.0"
-
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Foxitsoftware
Search vendor "Foxitsoftware"
Foxit Reader
Search vendor "Foxitsoftware" for product "Foxit Reader"
9.2.0
Search vendor "Foxitsoftware" for product "Foxit Reader" and version "9.2.0"
-
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Iskysoft
Search vendor "Iskysoft"
Pdf Editor 6
Search vendor "Iskysoft" for product "Pdf Editor 6"
6.6.2.3315
Search vendor "Iskysoft" for product "Pdf Editor 6" and version "6.6.2.3315"
professional
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Iskysoft
Search vendor "Iskysoft"
Pdf Editor 6
Search vendor "Iskysoft" for product "Pdf Editor 6"
6.7.6.3399
Search vendor "Iskysoft" for product "Pdf Editor 6" and version "6.7.6.3399"
professional
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Iskysoft
Search vendor "Iskysoft"
Pdfelement6
Search vendor "Iskysoft" for product "Pdfelement6"
6.7.1.3355
Search vendor "Iskysoft" for product "Pdfelement6" and version "6.7.1.3355"
professional
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Iskysoft
Search vendor "Iskysoft"
Pdfelement6
Search vendor "Iskysoft" for product "Pdfelement6"
6.7.6.3399
Search vendor "Iskysoft" for product "Pdfelement6" and version "6.7.6.3399"
professional
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Libreoffice
Search vendor "Libreoffice"
Libreoffice
Search vendor "Libreoffice" for product "Libreoffice"
6.1.0.3
Search vendor "Libreoffice" for product "Libreoffice" and version "6.1.0.3"
-
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Libreoffice
Search vendor "Libreoffice"
Libreoffice
Search vendor "Libreoffice" for product "Libreoffice"
6.1.3.2
Search vendor "Libreoffice" for product "Libreoffice" and version "6.1.3.2"
-
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Qoppa
Search vendor "Qoppa"
Pdf Studio
Search vendor "Qoppa" for product "Pdf Studio"
12.0.7
Search vendor "Qoppa" for product "Pdf Studio" and version "12.0.7"
professional
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Qoppa
Search vendor "Qoppa"
Pdf Studio Viewer 2018
Search vendor "Qoppa" for product "Pdf Studio Viewer 2018"
2018.0.1
Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" and version "2018.0.1"
-
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Qoppa
Search vendor "Qoppa"
Pdf Studio Viewer 2018
Search vendor "Qoppa" for product "Pdf Studio Viewer 2018"
2018.2.0
Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" and version "2018.2.0"
-
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe