CVE-2009-1857Out-of-bounds Write in Adobe Acrobat

CWE-3994 documents4 sources
Severity
9.3CRITICALNVD
EPSS
10.2%
top 6.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedJun 11
Latest updateMay 2

Description

Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a PDF document with a crafted TrueType font.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDadobe/acrobat_reader22 versions+21
NVDadobe/acrobat23 versions+22

Patches

Patch: www.adobe.comPatch: www.vupen.comPatch: www.adobe.com

🔴Vulnerability Details

1
GHSA
GHSA-xxxh-8gvj-6w39: Adobe Reader 7 and Acrobat 7 before 72022-05-02

📋Vendor Advisories

1
Red Hat
acroread: multiple security fixes in version 8.1.6 (APSB09-07)2009-06-09

💬Community

1
Bugzilla
acroread: multiple security fixes in version 8.1.6 (APSB09-07)2009-06-10
CVE-2009-1857 — Out-of-bounds Write in Adobe Acrobat | cvebase