CVE-2018-4888: Use After Free in Adobe Acrobat

CWE-416: Use After Free | 3 documents | 3 sources

Severity: 8.8 HIGH (NVD)
EPSS: 2.5% (top 14.55%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Feb 27
Latest update: May 14

Description

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability. The vulnerability is triggered by a crafted PDF file that can cause a memory access violation exception in the XFA engine because of a dangling reference left as a consequence of freeing an object in the computation that manipulates internal nodes in a graph representatio

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (4 packages)

NVD | adobe/acrobat_reader | 17.0 17.011.30070
NVD | adobe/acrobat_reader_dc | -18.009.20050 +1
NVD | adobe/acrobat | 17.0 17.011.30070
NVD | adobe/acrobat_dc | -18.009.20050 +1

Vulnerability Details (2)

GHSA | GHSA-cmw5-5438-frv3: An issue was discovered in Adobe Acrobat Reader 2018 | 2022-05-14
CVEList | CVE-2018-4888: An issue was discovered in Adobe Acrobat Reader 2018 | 2018-02-27