CVE-2009-1861Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents4 sources
Severity
9.3CRITICALNVD
EPSS
24.3%
top 3.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedJun 11
Latest updateMay 2

Description

Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file with a JPX (aka JPEG2000) stream that triggers heap memory corruption.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDadobe/acrobat_reader22 versions+21
NVDadobe/acrobat23 versions+22

Patches

Patch: www.adobe.comPatch: www.vupen.comPatch: www.adobe.com

🔴Vulnerability Details

1
GHSA
GHSA-63w7-j324-fm92: Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 72022-05-02

📋Vendor Advisories

1
Red Hat
acroread: multiple security fixes in version 8.1.6 (APSB09-07)2009-06-09

💬Community

2
Bugzilla
CVE-2009-2281 mapserver: incomplete upstream fix for CVE-2009-08402009-07-03
Bugzilla
acroread: multiple security fixes in version 8.1.6 (APSB09-07)2009-06-10
CVE-2009-1861 — Adobe Acrobat vulnerability | cvebase