CVE-2018-18689
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop.
La especificación Portable Document Format (PDF) no proporciona ninguna información sobre el procedimiento concreto de cómo comprobar las firmas. En consecuencia, se presenta una vulnerabilidad de Empaquetamiento de Firma en varios productos. Un atacante puede usar /ByteRange y manipulaciones xref que no son detectadas por la lógica de comprobación de firmas. Esto afecta a Foxit Reader versiones anteriores a 9.4 y PhantomPDF versiones anteriores a 8.3.9 y versiones 9.x anteriores a 9.4. También afecta a eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer , Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF y Soda PDF Desktop
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-10-26 CVE Reserved
- 2021-01-07 CVE Published
- 2023-09-23 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-347: Improper Verification of Cryptographic Signature
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://pdf-insecurity.org/signature/evaluation_2018.html | Third Party Advisory | |
| https://pdf-insecurity.org/signature/signature.html | Third Party Advisory | |
| https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.foxitsoftware.com/support/security-bulletins.php | 2021-01-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Avanquest Search vendor "Avanquest" | Expert Pdf Ultimate Search vendor "Avanquest" for product "Expert Pdf Ultimate" | 12.0.20 Search vendor "Avanquest" for product "Expert Pdf Ultimate" and version "12.0.20" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Avanquest Search vendor "Avanquest" | Pdf Experte Ultimate Search vendor "Avanquest" for product "Pdf Experte Ultimate" | 9.0.270 Search vendor "Avanquest" for product "Pdf Experte Ultimate" and version "9.0.270" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | 9.1.0 Search vendor "Foxitsoftware" for product "Foxit Reader" and version "9.1.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | 9.2.0.9297 Search vendor "Foxitsoftware" for product "Foxit Reader" and version "9.2.0.9297" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | 9.3.0.10826 Search vendor "Foxitsoftware" for product "Foxit Reader" and version "9.3.0.10826" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Gonitro Search vendor "Gonitro" | Nitro Pro Search vendor "Gonitro" for product "Nitro Pro" | 11.0.3.173 Search vendor "Gonitro" for product "Nitro Pro" and version "11.0.3.173" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Gonitro Search vendor "Gonitro" | Nitro Reader Search vendor "Gonitro" for product "Nitro Reader" | 5.5.9.2 Search vendor "Gonitro" for product "Nitro Reader" and version "5.5.9.2" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Iskysoft Search vendor "Iskysoft" | Pdf Editor 6 Search vendor "Iskysoft" for product "Pdf Editor 6" | 6.4.2.3521 Search vendor "Iskysoft" for product "Pdf Editor 6" and version "6.4.2.3521" | professional |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Iskysoft Search vendor "Iskysoft" | Pdfelement6 Search vendor "Iskysoft" for product "Pdfelement6" | 6.8.0.3523 Search vendor "Iskysoft" for product "Pdfelement6" and version "6.8.0.3523" | professional |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Iskysoft Search vendor "Iskysoft" | Pdfelement6 Search vendor "Iskysoft" for product "Pdfelement6" | 6.8.4.3921 Search vendor "Iskysoft" for product "Pdfelement6" and version "6.8.4.3921" | professional |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Pdfforge Search vendor "Pdfforge" | Pdf Architect Search vendor "Pdfforge" for product "Pdf Architect" | 6.0.37 Search vendor "Pdfforge" for product "Pdf Architect" and version "6.0.37" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Pdfforge Search vendor "Pdfforge" | Pdf Architect Search vendor "Pdfforge" for product "Pdf Architect" | 6.1.24.1862 Search vendor "Pdfforge" for product "Pdf Architect" and version "6.1.24.1862" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Qoppa Search vendor "Qoppa" | Pdf Studio Search vendor "Qoppa" for product "Pdf Studio" | 12.0.7 Search vendor "Qoppa" for product "Pdf Studio" and version "12.0.7" | professional |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Qoppa Search vendor "Qoppa" | Pdf Studio Viewer 2018 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" | 2018.0.1 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" and version "2018.0.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Qoppa Search vendor "Qoppa" | Pdf Studio Viewer 2018 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" | 2018.2.0 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" and version "2018.2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Sodapdf Search vendor "Sodapdf" | Soda Pdf Search vendor "Sodapdf" for product "Soda Pdf" | 9.3.17 Search vendor "Sodapdf" for product "Soda Pdf" and version "9.3.17" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Sodapdf Search vendor "Sodapdf" | Soda Pdf Desktop Search vendor "Sodapdf" for product "Soda Pdf Desktop" | 10.2.09 Search vendor "Sodapdf" for product "Soda Pdf Desktop" and version "10.2.09" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Sodapdf Search vendor "Sodapdf" | Soda Pdf Desktop Search vendor "Sodapdf" for product "Soda Pdf Desktop" | 10.2.16.1217 Search vendor "Sodapdf" for product "Soda Pdf Desktop" and version "10.2.16.1217" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Soft-xpansion Search vendor "Soft-xpansion" | Perfect Pdf 10 Search vendor "Soft-xpansion" for product "Perfect Pdf 10" | 10.0.0.1 Search vendor "Soft-xpansion" for product "Perfect Pdf 10" and version "10.0.0.1" | premium |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Soft-xpansion Search vendor "Soft-xpansion" | Perfect Pdf Reader Search vendor "Soft-xpansion" for product "Perfect Pdf Reader" | 13.0.3 Search vendor "Soft-xpansion" for product "Perfect Pdf Reader" and version "13.0.3" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Soft-xpansion Search vendor "Soft-xpansion" | Perfect Pdf Reader Search vendor "Soft-xpansion" for product "Perfect Pdf Reader" | 13.1.5 Search vendor "Soft-xpansion" for product "Perfect Pdf Reader" and version "13.1.5" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Tracker-software Search vendor "Tracker-software" | Pdf-xchange Editor Search vendor "Tracker-software" for product "Pdf-xchange Editor" | 7.0.237.1 Search vendor "Tracker-software" for product "Pdf-xchange Editor" and version "7.0.237.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Tracker-software Search vendor "Tracker-software" | Pdf-xchange Editor Search vendor "Tracker-software" for product "Pdf-xchange Editor" | 7.0.326 Search vendor "Tracker-software" for product "Pdf-xchange Editor" and version "7.0.326" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Tracker-software Search vendor "Tracker-software" | Pdf-xchange Viewer Search vendor "Tracker-software" for product "Pdf-xchange Viewer" | 2.5 Search vendor "Tracker-software" for product "Pdf-xchange Viewer" and version "2.5" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Visagesoft Search vendor "Visagesoft" | Expert Pdf Reader Search vendor "Visagesoft" for product "Expert Pdf Reader" | 9.0.180 Search vendor "Visagesoft" for product "Expert Pdf Reader" and version "9.0.180" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | 9.1.0 Search vendor "Foxitsoftware" for product "Foxit Reader" and version "9.1.0" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | 9.2.0 Search vendor "Foxitsoftware" for product "Foxit Reader" and version "9.2.0" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Iskysoft Search vendor "Iskysoft" | Pdf Editor 6 Search vendor "Iskysoft" for product "Pdf Editor 6" | 6.6.2.3315 Search vendor "Iskysoft" for product "Pdf Editor 6" and version "6.6.2.3315" | professional |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Iskysoft Search vendor "Iskysoft" | Pdf Editor 6 Search vendor "Iskysoft" for product "Pdf Editor 6" | 6.7.6.3399 Search vendor "Iskysoft" for product "Pdf Editor 6" and version "6.7.6.3399" | professional |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Iskysoft Search vendor "Iskysoft" | Pdfelement6 Search vendor "Iskysoft" for product "Pdfelement6" | 6.7.1.3355 Search vendor "Iskysoft" for product "Pdfelement6" and version "6.7.1.3355" | professional |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Iskysoft Search vendor "Iskysoft" | Pdfelement6 Search vendor "Iskysoft" for product "Pdfelement6" | 6.7.6.3399 Search vendor "Iskysoft" for product "Pdfelement6" and version "6.7.6.3399" | professional |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Qoppa Search vendor "Qoppa" | Pdf Studio Search vendor "Qoppa" for product "Pdf Studio" | 12.0.7 Search vendor "Qoppa" for product "Pdf Studio" and version "12.0.7" | professional |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Qoppa Search vendor "Qoppa" | Pdf Studio Viewer 2018 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" | 2018.0.1 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" and version "2018.0.1" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Qoppa Search vendor "Qoppa" | Pdf Studio Viewer 2018 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" | 2018.2.0 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" and version "2018.2.0" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | 9.1.0 Search vendor "Foxitsoftware" for product "Foxit Reader" and version "9.1.0" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | 9.2.0 Search vendor "Foxitsoftware" for product "Foxit Reader" and version "9.2.0" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Qoppa Search vendor "Qoppa" | Pdf Studio Search vendor "Qoppa" for product "Pdf Studio" | 12.0.7 Search vendor "Qoppa" for product "Pdf Studio" and version "12.0.7" | professional |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Qoppa Search vendor "Qoppa" | Pdf Studio Viewer 2018 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" | 2018.0.1 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" and version "2018.0.1" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Qoppa Search vendor "Qoppa" | Pdf Studio Viewer 2018 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" | 2018.2.0 Search vendor "Qoppa" for product "Pdf Studio Viewer 2018" and version "2018.2.0" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|