The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signa…
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop.
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
https://cwe.mitre.org/data/definitions/347.html →Open in CWE collection →An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
https://capec.mitre.org/data/definitions/463.html →Open in CAPEC collection →An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.
https://capec.mitre.org/data/definitions/475.html →Open in CAPEC collection →| Product | Vendor | Status |
|---|---|---|
| expert_pdf_reader | * | Tracked |
| expert_pdf_ultimate | * | Tracked |
| foxit_reader | * | Tracked |
| foxit_reader | * | Tracked |
| foxit_reader | * | Tracked |
| nitro_pro | * | Tracked |
| nitro_reader | * | Tracked |
| pdf-xchange_editor | * | Tracked |
| pdf-xchange_viewer | * | Tracked |
| pdf_architect | * | Tracked |
| pdf_editor_6 | * | Tracked |
| pdf_editor_6 | * | Tracked |
| pdf_experte_ultimate | * | Tracked |
| pdf_studio | * | Tracked |
| pdf_studio | * | Tracked |
| pdf_studio | * | Tracked |
| pdf_studio_viewer_2018 | * | Tracked |
| pdf_studio_viewer_2018 | * | Tracked |
| pdf_studio_viewer_2018 | * | Tracked |
| pdfelement6 | * | Tracked |