LULU Soda PDF Desktop CVE-2018-18689 Signature Verification Bypass Vulnerability
Description
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Soda PDF Desktop.
Affected Applications
Soda PDF Desktop