Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0103Improper Input Validation in Adobe Acrobat Reader

CWE-20Improper Input Validation5 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
34.1%
top 3.01%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Adobe Acrobat Reader
Timeline
PublishedJan 9
Latest updateMay 1

Description

The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-rxr5-cpp6-crgj: The Adobe PDF specification 12022-05-01

💥Exploits & PoCs

1
Exploit-DB
Multiple PDF Readers - Multiple Remote Buffer Overflows2007-01-06

📋Vendor Advisories

1
Red Hat
acroread infinite loop DoS

💬Community

1
Bugzilla
CVE-2007-0103 acroread infinite loop DoS2008-01-09
CVE-2007-0103 — Improper Input Validation in Adobe | cvebase