5.3

CVE-2018-18689

EPSS 0.01%
Veröffentlicht 07.01.2021 18:15:12
Zuletzt bearbeitet 27.11.2024 20:11:45
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Avanquest ≫ Expert Pdf Ultimate Version12.0.20

Microsoft ≫ Windows Version-

Avanquest ≫ Pdf Experte Ultimate Version9.0.270

Microsoft ≫ Windows Version-

Foxitsoftware ≫ Foxit Reader Version9.1.0

Microsoft ≫ Windows Version-

Foxitsoftware ≫ Foxit Reader Version9.2.0.9297

Microsoft ≫ Windows Version-

Foxitsoftware ≫ Foxit Reader Version9.3.0.10826

Microsoft ≫ Windows Version-

Gonitro ≫ Nitro Pro Version11.0.3.173

Microsoft ≫ Windows Version-

Gonitro ≫ Nitro Reader Version5.5.9.2

Microsoft ≫ Windows Version-

Iskysoft ≫ Pdf Editor 6 Version6.4.2.3521 SwEditionprofessional

Microsoft ≫ Windows Version-

Iskysoft ≫ Pdfelement6 Version6.8.0.3523 SwEditionprofessional

Microsoft ≫ Windows Version-

Iskysoft ≫ Pdfelement6 Version6.8.4.3921 SwEditionprofessional

Microsoft ≫ Windows Version-

Pdf-xchange ≫ Pdf-xchange Editor Version7.0.237.1

Microsoft ≫ Windows Version-

Pdf-xchange ≫ Pdf-xchange Editor Version7.0.326

Microsoft ≫ Windows Version-

Pdfforge ≫ Pdf Architect Version6.0.37

Microsoft ≫ Windows Version-

Pdfforge ≫ Pdf Architect Version6.1.24.1862

Microsoft ≫ Windows Version-

Qoppa ≫ Pdf Studio Version12.0.7 SwEditionprofessional

Microsoft ≫ Windows Version-

Qoppa ≫ Pdf Studio Viewer 2018 Version2018.0.1

Microsoft ≫ Windows Version-

Qoppa ≫ Pdf Studio Viewer 2018 Version2018.2.0

Microsoft ≫ Windows Version-

Sodapdf ≫ Soda Pdf Version9.3.17

Microsoft ≫ Windows Version-

Sodapdf ≫ Soda Pdf Desktop Version10.2.09

Microsoft ≫ Windows Version-

Sodapdf ≫ Soda Pdf Desktop Version10.2.16.1217

Microsoft ≫ Windows Version-

Soft-xpansion ≫ Perfect Pdf 10 Version10.0.0.1 SwEditionpremium

Microsoft ≫ Windows Version-

Soft-xpansion ≫ Perfect Pdf Reader Version13.0.3

Microsoft ≫ Windows Version-

Soft-xpansion ≫ Perfect Pdf Reader Version13.1.5

Microsoft ≫ Windows Version-

Tracker-software ≫ Pdf-xchange Viewer Version2.5

Microsoft ≫ Windows Version-

Visagesoft ≫ Expert Pdf Reader Version9.0.180

Microsoft ≫ Windows Version-

Foxitsoftware ≫ Foxit Reader Version9.1.0

Apple ≫ macOS Version-

Foxitsoftware ≫ Foxit Reader Version9.2.0

Apple ≫ macOS Version-

Iskysoft ≫ Pdf Editor 6 Version6.6.2.3315 SwEditionprofessional

Apple ≫ macOS Version-

Iskysoft ≫ Pdf Editor 6 Version6.7.6.3399 SwEditionprofessional

Apple ≫ macOS Version-

Iskysoft ≫ Pdfelement6 Version6.7.1.3355 SwEditionprofessional

Apple ≫ macOS Version-

Iskysoft ≫ Pdfelement6 Version6.7.6.3399 SwEditionprofessional

Apple ≫ macOS Version-

Qoppa ≫ Pdf Studio Version12.0.7 SwEditionprofessional

Apple ≫ macOS Version-

Qoppa ≫ Pdf Studio Viewer 2018 Version2018.0.1

Apple ≫ macOS Version-

Qoppa ≫ Pdf Studio Viewer 2018 Version2018.2.0

Apple ≫ macOS Version-

Foxitsoftware ≫ Foxit Reader Version9.1.0

Linux ≫ Linux Kernel Version-

Foxitsoftware ≫ Foxit Reader Version9.2.0

Linux ≫ Linux Kernel Version-

Qoppa ≫ Pdf Studio Version12.0.7 SwEditionprofessional

Linux ≫ Linux Kernel Version-

Qoppa ≫ Pdf Studio Viewer 2018 Version2018.0.1

Linux ≫ Linux Kernel Version-

Qoppa ≫ Pdf Studio Viewer 2018 Version2018.2.0

Linux ≫ Linux Kernel Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.008

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://www.foxitsoftware.com/support/security-bulletins.php

Vendor Advisory

https://pdf-insecurity.org/signature/evaluation_2018.html

Third Party Advisory

https://pdf-insecurity.org/signature/signature.html

Third Party Advisory

https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-18689

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-18689

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-18689

EUVD