MEDIUM🇵🇱 Wersja polska

CVE-2018-18689

CVSS 5.3v3.1pub. 2021-01-07upd. 2024-11-27

The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Apple macOS

    OS
    Apple
    wszystkie wersje
  • Avanquest Expert Pdf Ultimate

    APP
    Avanquest
    12.0.20
  • Avanquest Pdf Experte Ultimate

    APP
    Avanquest
    9.0.270
  • Foxitsoftware Foxit Reader

    APP
    Foxitsoftware
    9.1.09.2.09.2.0.92979.3.0.10826
  • Gonitro Nitro Pro

    APP
    Gonitro
    11.0.3.173
  • Gonitro Nitro Reader

    APP
    Gonitro
    5.5.9.2
  • Iskysoft Pdf Editor 6

    APP
    Iskysoft
    6.4.2.35216.6.2.33156.7.6.3399
  • Iskysoft Pdfelement6

    APP
    Iskysoft
    6.7.1.33556.7.6.33996.8.0.35236.8.4.3921
  • Linux Kernel

    OS
    Linux
    wszystkie wersje
  • Microsoft Windows

    OS
    Microsoft
    wszystkie wersje
  • Pdfforge Pdf Architect

    APP
    Pdfforge
    6.0.376.1.24.1862
  • Pdf Xchange Editor

    APP
    Pdf-Xchange
    7.0.237.17.0.326
  • Qoppa Pdf Studio

    APP
    Qoppa
    12.0.7
  • Qoppa Pdf Studio Viewer 2018

    APP
    Qoppa
    2018.0.12018.2.0
  • Sodapdf Soda Pdf

    APP
    Sodapdf
    9.3.17
  • Sodapdf Soda Pdf Desktop

    APP
    Sodapdf
    10.2.0910.2.16.1217
  • Soft Xpansion Perfect Pdf 10

    APP
    Soft-Xpansion
    10.0.0.1
  • Soft Xpansion Perfect Pdf Reader

    APP
    Soft-Xpansion
    13.0.313.1.5
  • Tracker Software Pdf Xchange Viewer

    APP
    Tracker-Software
    2.5
  • Visagesoft Expert Pdf Reader

    APP
    Visagesoft
    9.0.180
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2025-31201CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach