CVE-2009-2997Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
36.1%
top 2.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedOct 19
Latest updateMay 2

Description

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDadobe/acrobat_reader9.1.3+25
NVDadobe/acrobat9.1.3+23

Patches

Patch: www.adobe.comPatch: www.us-cert.govPatch: www.vupen.com

🔴Vulnerability Details

1
GHSA
GHSA-r342-j66c-57vp: Heap-based buffer overflow in Adobe Reader and Acrobat 72022-05-02

📋Vendor Advisories

1
Red Hat
acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)2009-10-13

💬Community

1
Bugzilla
acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)2009-10-13
CVE-2009-2997 — Adobe Acrobat vulnerability | cvebase