CVE-2014-9161Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer20 documents2 sources
Severity
10.0CRITICALNVD
NVD9.3
EPSS
1.2%
top 20.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedJan 30
Latest updateMay 17

Description

CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and 10.x through 10.1.13 and 11.x through 11.0.10 on OS X, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDadobe/acrobat_reader39 versions+38
NVDadobe/acrobat31 versions+30

🔴Vulnerability Details

10
GHSA
GHSA-fcg8-gw57-7w3c: CoolType2022-05-17
GHSA
GHSA-4rph-jf58-r356: Adobe Reader and Acrobat 102022-05-17
GHSA
GHSA-wx98-qq43-5g58: Adobe Reader and Acrobat 102022-05-17
GHSA
GHSA-gqw2-24hf-qv8p: Adobe Reader and Acrobat 102022-05-17
GHSA
GHSA-w3h5-qr68-5ff4: Adobe Reader and Acrobat 102022-05-17
CVE-2014-9161 — Adobe Acrobat vulnerability | cvebase