The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop.
Metrics
Affected Vendors & Products
References
History
Wed, 27 Nov 2024 20:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Pdf-xchange
Pdf-xchange pdf-xchange Editor |
|
CPEs | cpe:2.3:a:tracker-software:pdf-xchange_editor:7.0.326:*:*:*:*:*:*:* |
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.237.1:*:*:*:*:*:*:* cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.326:*:*:*:*:*:*:* |
Vendors & Products |
Tracker-software pdf-xchange Editor
|
Pdf-xchange
Pdf-xchange pdf-xchange Editor |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-01-07T17:59:16
Updated: 2024-08-05T11:16:00.394Z
Reserved: 2018-10-26T00:00:00
Link: CVE-2018-18689
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-01-07T18:15:12.560
Modified: 2024-11-27T20:11:45.410
Link: CVE-2018-18689
Redhat
No data.