CVE-2018-18688

CWE-3473 documents3 sources
Severity
5.3MEDIUM
EPSS
0.0%
top 99.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Foxitsoftware PhantompdfCode-industry Master PDF EditorFoxitsoftware Foxit Reader+10 more
Timeline
PublishedJan 7
Latest updateMay 24

Description

The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages13 packages

NVDsoft-xpansion/perfect_pdf_reader13.0.3, 13.1.5+1
NVDfoxitsoftware/foxit_reader9.1.0, 9.2.0, 9.4+2
NVDqoppa/pdf_studio_viewer_20182018.0.1, 2018.2.0+1
NVDnuance/power_pdf_standard3.0.0.17, 3.0.0.30, 7.0+2

🔴Vulnerability Details

2
GHSA
GHSA-q966-hp9v-pw89: The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures2022-05-24
CVEList
CVE-2018-18688: The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures2021-01-07
CVE-2018-18688 (MEDIUM CVSS 5.3) | The Portable Document Format (PDF) | cvebase.io