CVE-2018-4889Out-of-bounds Read in Adobe Acrobat

CWE-125Out-of-bounds Read3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
1.9%
top 16.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Adobe AcrobatAdobe Acrobat DCAdobe Acrobat Reader+1 more
Timeline
PublishedFeb 27
Latest updateMay 14

Description

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS image conversion. A successful attack can lead to sensitive data exposure.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

NVDadobe/acrobat_reader17.017.011.30070
NVDadobe/acrobat_reader_dc-18.009.20050+1
NVDadobe/acrobat17.017.011.30070
NVDadobe/acrobat_dc-18.009.20050+1

🔴Vulnerability Details

2
GHSA
GHSA-3mcr-6m85-5gwv: An issue was discovered in Adobe Acrobat Reader 20182022-05-14
CVEList
CVE-2018-4889: An issue was discovered in Adobe Acrobat Reader 20182018-02-27
CVE-2018-4889 — Out-of-bounds Read in Adobe Acrobat | cvebase