CVE-2009-1062Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat Reader

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-20Improper Input Validation14 documents5 sources
Severity
9.3CRITICALNVD
EPSS
8.6%
top 7.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Adobe Acrobat ReaderAdobe AcrobatAdobe Reader
Timeline
PublishedMar 25
Latest updateMay 2

Description

Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDadobe/acrobat_reader7.07.1.1+4
NVDadobe/acrobat9.0+18
NVDadobe/reader32 versions+31

Patches

Patch: www.adobe.comPatch: www.ivizsecurity.comPatch: www.securityfocus.com

🔴Vulnerability Details

6
GHSA
GHSA-4hh3-c3j6-h827: Adobe Acrobat Reader 9 before 92022-05-02
GHSA
GHSA-468h-v4jh-mq8c: Heap-based buffer overflow in Adobe Acrobat Reader 9 before 92022-05-02
GHSA
GHSA-8g25-qvgj-fp7w: Unspecified vulnerability in Adobe Acrobat Reader 9 before 92022-05-02
CVEList
CVE-2009-0193: Heap-based buffer overflow in Adobe Acrobat Reader 9 before 92009-03-25
CVEList
CVE-2009-1062: Adobe Acrobat Reader 9 before 92009-03-25

📋Vendor Advisories

3
Red Hat
acroread: multiple JBIG2-related security flaws2009-02-19
Red Hat
acroread: multiple JBIG2-related security flaws2009-02-19
Red Hat
acroread: multiple JBIG2-related security flaws2009-02-19

💬Community

2
Bugzilla
CVE-2009-4016 CVE-2010-0300 ircd-{hybrid,ratbox}: multiple vulnerabilities2010-01-27
Bugzilla
CVE-2009-0658, CVE-2009-0193, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062 acroread: multiple JBIG2-related security flaws2009-02-23
CVE-2009-1062 — Adobe Acrobat Reader vulnerability | cvebase