Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to information disclosure.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/106159 | Third Party Advisory VDB Entry |
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | Patch Vendor Advisory |
https://pdf-insecurity.org/signature/evaluation_2018.html | Third Party Advisory |
https://pdf-insecurity.org/signature/signature.html | Third Party Advisory |
https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
14 Jan 2021, 20:30
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.4
v3 : 6.5 |
References | (MISC) https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/ - Third Party Advisory | |
References | (MISC) https://pdf-insecurity.org/signature/signature.html - Third Party Advisory | |
References | (MISC) https://pdf-insecurity.org/signature/evaluation_2018.html - Third Party Advisory | |
CWE | CWE-347 | |
CPE | cpe:2.3:a:adobe:reader:11.0.23:*:*:*:*:*:*:* cpe:2.3:a:iskysoft:pdfelement6:6.8.0.3523:*:*:*:professional:*:*:* cpe:2.3:a:adobe:reader:11.0.10:*:*:*:*:*:*:* cpe:2.3:a:iskysoft:pdf_editor_6:6.4.2.3521:*:*:*:professional:*:*:* cpe:2.3:a:iskysoft:pdfelement6:6.7.1.3355:*:*:*:professional:*:*:* cpe:2.3:a:iskysoft:pdf_editor_6:6.6.2.3315:*:*:*:professional:*:*:* cpe:2.3:a:iskysoft:pdfelement6:6.8.4.3921:*:*:*:professional:*:*:* cpe:2.3:a:iskysoft:pdfelement6:6.7.6.3399:*:*:*:professional:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:a:iskysoft:pdf_editor_6:6.7.6.3399:*:*:*:professional:*:*:* |
07 Jan 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-01-18 17:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-16042
Mitre link : CVE-2018-16042
CVE.ORG link : CVE-2018-16042
JSON object : View
Products Affected
apple
- mac_os_x
microsoft
- windows
iskysoft
- pdfelement6
- pdf_editor_6
linux
- linux_kernel
adobe
- acrobat_dc
- acrobat_reader_dc
- reader
CWE
CWE-347
Improper Verification of Cryptographic Signature