5.3
CVE-2018-18688
- EPSS 0%
- Published 07.01.2021 18:15:12
- Last modified 21.11.2024 03:56:22
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader.
Data is provided by the National Vulnerability Database (NVD)
Code-industry ≫ Master Pdf Editor Version5.1.12
Code-industry ≫ Master Pdf Editor Version5.1.68
Foxitsoftware ≫ Foxit Reader Version9.4
Foxitsoftware ≫ Phantompdf Version >= 9.0 < 9.4
Foxitsoftware ≫ Phantompdf Version8.3.9
Gonitro ≫ Nitro Reader Version5.5.9.2
Iskysoft ≫ Pdf Editor 6 Version6.4.2.3521 SwEditionprofessional
Iskysoft ≫ Pdfelement6 Version6.8.0.3523 SwEditionprofessional
Iskysoft ≫ Pdfelement6 Version6.8.4.3921 SwEditionprofessional
Libreoffice ≫ Libreoffice Version6.0.6.2
Libreoffice ≫ Libreoffice Version6.1.3.2
Nuance ≫ Power Pdf Standard Version3.0.0.17
Nuance ≫ Power Pdf Standard Version3.0.0.30
Nuance ≫ Power Pdf Standard Version7.0
Qoppa ≫ Pdf Studio Version12.0.7 SwEditionprofessional
Qoppa ≫ Pdf Studio Viewer 2018 Version2018.0.1
Qoppa ≫ Pdf Studio Viewer 2018 Version2018.2.0
Soft-xpansion ≫ Perfect Pdf 10 Version10.0.0.1 SwEditionpremium
Soft-xpansion ≫ Perfect Pdf Reader Version13.0.3
Soft-xpansion ≫ Perfect Pdf Reader Version13.1.5
Code-industry ≫ Master Pdf Editor Version5.1.12
Code-industry ≫ Master Pdf Editor Version5.1.68
Foxitsoftware ≫ Foxit Reader Version9.1.0
Foxitsoftware ≫ Foxit Reader Version9.2.0
Libreoffice ≫ Libreoffice Version6.0.6.2
Libreoffice ≫ Libreoffice Version6.1.3.2
Qoppa ≫ Pdf Studio Version12.0.7 SwEditionprofessional
Qoppa ≫ Pdf Studio Viewer 2018 Version2018.0.1
Qoppa ≫ Pdf Studio Viewer 2018 Version2018.2.0
Code-industry ≫ Master Pdf Editor Version5.1.24
Code-industry ≫ Master Pdf Editor Version5.1.68
Foxitsoftware ≫ Foxit Reader Version9.1.0
Foxitsoftware ≫ Foxit Reader Version9.2.0
Iskysoft ≫ Pdf Editor 6 Version6.6.2.3315 SwEditionprofessional
Iskysoft ≫ Pdf Editor 6 Version6.7.6.3399 SwEditionprofessional
Iskysoft ≫ Pdfelement6 Version6.7.1.3355 SwEditionprofessional
Iskysoft ≫ Pdfelement6 Version6.7.6.3399 SwEditionprofessional
Libreoffice ≫ Libreoffice Version6.1.0.3
Libreoffice ≫ Libreoffice Version6.1.3.2
Qoppa ≫ Pdf Studio Version12.0.7 SwEditionprofessional
Qoppa ≫ Pdf Studio Viewer 2018 Version2018.0.1
Qoppa ≫ Pdf Studio Viewer 2018 Version2018.2.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0% | 0.002 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-347 Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.