CVE-2008-4812Improper Input Validation in Adobe Acrobat

CWE-20Improper Input Validation4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
42.8%
top 2.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedNov 5
Latest updateMay 14

Description

Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDadobe/acrobat8.1.2+1

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

1
GHSA
GHSA-65hv-rxc9-c75q: Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 82022-05-14

📋Vendor Advisories

1
Red Hat
Reader: embedded font handling out-of-bounds array indexing2008-11-04

💬Community

1
Bugzilla
CVE-2008-4812 Adobe Reader: embedded font handling out-of-bounds array indexing2008-11-04
CVE-2008-4812 — Improper Input Validation in Adobe | cvebase