CVE-2018-4916Out-of-bounds Write in Adobe Acrobat

CWE-787Out-of-bounds Write3 documents3 sources
Severity
8.8HIGHNVD
EPSS
4.2%
top 11.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Adobe AcrobatAdobe Acrobat DCAdobe Acrobat Reader+1 more
Timeline
PublishedFeb 27
Latest updateMay 14

Description

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that handless TIFF data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

NVDadobe/acrobat_reader17.017.011.30070
NVDadobe/acrobat_reader_dc-18.009.20050+1
NVDadobe/acrobat17.017.011.30070
NVDadobe/acrobat_dc-18.009.20050+1

🔴Vulnerability Details

2
GHSA
GHSA-qgwm-gj8x-jv68: An issue was discovered in Adobe Acrobat Reader 20182022-05-14
CVEList
CVE-2018-4916: An issue was discovered in Adobe Acrobat Reader 20182018-02-27
CVE-2018-4916 — Out-of-bounds Write in Adobe Acrobat | cvebase