CVE-2010-2582Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Shockwave Player

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
9.9%
top 6.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Shockwave Player
Timeline
PublishedOct 29
Latest updateMay 14

Description

An unspecified function in TextXtra.x32 in Adobe Shockwave Player before 11.5.9.615 does not properly reallocate a buffer when processing a DEMX chunk in a Director file, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDadobe/shockwave_player11.5.8.612+40

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-5wf5-2g8j-x4fv: An unspecified function in TextXtra2022-05-14
CVEList
CVE-2010-2582: An unspecified function in TextXtra2010-10-29
CVE-2010-2582 — Adobe Shockwave Player vulnerability | cvebase