CVE-2008-1104 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat Reader

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787 — Out-of-bounds Write7 documents4 sources

Severity

9.3CRITICALNVD

NVD7.8

EPSS

8.7%

top 7.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat Reader Foxitsoftware Foxit Reader +1 more

Timeline

PublishedMay 21

Latest updateMay 1

Description

Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file, related to the util.printf JavaScript function and floating point specifiers in format strings.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDfoxitsoftware/foxit_reader2.3+2

▶NVDadobe/acrobat_reader8.1.2

▶NVDadobe/acrobat8.1.2

▶NVDoracle/solaris10

🔴Vulnerability Details

GHSA

GHSA-c6vf-qwc3-92qf: Stack-based buffer overflow in Adobe Acrobat and Reader 8↗2022-05-01

▶

GHSA

GHSA-qjq8-rqhj-87gj: Stack-based buffer overflow in Foxit Reader before 2↗2022-05-01

▶

CVEList

CVE-2008-2992: Stack-based buffer overflow in Adobe Acrobat and Reader 8↗2008-11-04

▶

CVEList

CVE-2008-1104: Stack-based buffer overflow in Foxit Reader before 2↗2008-05-21

▶

📋Vendor Advisories

Red Hat

Reader: JavaScript util.printf() function buffer overflow↗2008-11-04

▶