CVE-2018-18688

Name of the Vulnerable Software and Affected Versions Foxit Reader versions prior to 9.4 PhantomPDF versions prior to 8.3.9 and 9.x prior to 9.4 LibreOffice (affected versions not specified) Master PDF Editor (affected versions not specified) Nitro Pro (affected versions not specified) Nitro Reader (affected versions not specified) Nuance Power PDF Standard (affected versions not specified) PDF Editor 6 Pro (affected versions not specified) PDFelement6 Pro (affected versions not specified) PDF Studio Viewer 2018 (affected versions not specified) PDF Studio Pro (affected versions not specified) Perfect PDF 10 Premium (affected versions not specified) Perfect PDF Reader (affected versions not specified)

Description The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving issue exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic.

Recommendations For Foxit Reader versions prior to 9.4, update to version 9.4 or later. For PhantomPDF versions prior to 8.3.9, update to version 8.3.9 or later. For PhantomPDF 9.x versions prior to 9.4, update to version 9.4 or later. For LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader, at the moment, there is no information about a newer version that contains a fix for this issue.