CVE-2010-2206Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat

CWE-1894 documents4 sources
Severity
9.3CRITICALNVD
EPSS
4.4%
top 10.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedJun 30
Latest updateMay 14

Description

Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDadobe/acrobat_reader19 versions+18
NVDadobe/acrobat21 versions+20

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

1
GHSA
GHSA-jf6r-2jh6-5f5q: Array index error in AcroForm2022-05-14

📋Vendor Advisories

1
Red Hat
acroread: multiple code execution flaws (APSB10-15)2010-06-29

💬Community

1
Bugzilla
acroread: multiple code execution flaws (APSB10-15)2010-06-29
CVE-2010-2206 — Adobe Acrobat vulnerability | cvebase