CVE-2009-0198Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
9.3CRITICALNVD
EPSS
12.6%
top 6.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedJun 11
Latest updateMay 2

Description

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF file that contains JBIG2 text region segments with Huffman encoding.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDadobe/acrobat_reader22 versions+21
NVDadobe/acrobat23 versions+22

Patches

Patch: www.adobe.comPatch: www.vupen.comPatch: www.adobe.com

🔴Vulnerability Details

1
GHSA
GHSA-cx89-3f39-px85: Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 72022-05-02

📋Vendor Advisories

2
Red Hat
OpenLDAP: Doesn't properly handle NULL character in subject Common Name2009-08-10
Red Hat
acroread: multiple security fixes in version 8.1.6 (APSB09-07)2009-06-09

💬Community

1
Bugzilla
acroread: multiple security fixes in version 8.1.6 (APSB09-07)2009-06-10
CVE-2009-0198 — Adobe Acrobat vulnerability | cvebase