Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3431Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
21.9%
top 4.22%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedSep 25
Latest updateMay 2

Description

Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDadobe/acrobat_reader24 versions+23
NVDadobe/acrobat23 versions+22

🔴Vulnerability Details

1
GHSA
GHSA-7phm-f5vw-fc7p: Stack consumption vulnerability in Adobe Reader and Acrobat 92022-05-02

💥Exploits & PoCs

1
Exploit-DB
Adobe Acrobat 9.1.3 - Stack Exhaustion Denial of Service2009-05-29

📋Vendor Advisories

1
Red Hat
acroread: Multiple DoS fixes in 8.1.7 (APSB09-15)2009-10-13

💬Community

1
Bugzilla
CVE-2009-2979 CVE-2009-2988 CVE-2009-3431 acroread: Multiple DoS fixes in 8.1.7 (APSB09-15)2009-10-13
CVE-2009-3431 — Adobe Acrobat vulnerability | cvebase