CVE-2001-1069 — Adobe Acrobat Reader vulnerability

2 documents2 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 74.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Reader

Timeline

PublishedAug 31

Latest updateApr 30

Description

libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDadobe/acrobat_reader4.0.5

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-9v8p-6wf5-jgwg: libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt↗2022-04-30

▶