The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader prior to 9.4 and PhantomPDF prior to 8.3.9 and 9.x prior to 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
code-industry master_pdf_editor 5.1.12 |
||
code-industry master_pdf_editor 5.1.68 |
||
foxitsoftware foxit_reader 9.4 |
||
foxitsoftware phantompdf 8.3.9 |
||
foxitsoftware phantompdf |
||
gonitro nitro_pro 11.0.3.173 |
||
gonitro nitro_reader 5.5.9.2 |
||
iskysoft pdf_editor_6 6.4.2.3521 |
||
iskysoft pdfelement6 6.8.0.3523 |
||
iskysoft pdfelement6 6.8.4.3921 |
||
libreoffice libreoffice 6.0.6.2 |
||
libreoffice libreoffice 6.1.3.2 |
||
nuance power_pdf_standard 3.0.0.17 |
||
nuance power_pdf_standard 3.0.0.30 |
||
nuance power_pdf_standard 7.0 |
||
qoppa pdf_studio 12.0.7 |
||
qoppa pdf_studio_viewer_2018 2018.0.1 |
||
qoppa pdf_studio_viewer_2018 2018.2.0 |
||
soft-xpansion perfect_pdf_10 10.0.0.1 |
||
soft-xpansion perfect_pdf_reader 13.0.3 |
||
soft-xpansion perfect_pdf_reader 13.1.5 |
||
foxitsoftware foxit_reader 9.1.0 |
||
foxitsoftware foxit_reader 9.2.0 |
||
code-industry master_pdf_editor 5.1.24 |
||
iskysoft pdf_editor_6 6.6.2.3315 |
||
iskysoft pdf_editor_6 6.7.6.3399 |
||
iskysoft pdfelement6 6.7.1.3355 |
||
iskysoft pdfelement6 6.7.6.3399 |
||
libreoffice libreoffice 6.1.0.3 |
Vulmon