CVE-2018-4917

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

9.8CRITICAL

EPSS

3.2%

top 12.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat 2017 Adobe Acrobat DC Adobe Acrobat Reader 2017 +1 more

Timeline

PublishedMay 19

Latest updateMay 13

Description

Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDadobe/acrobat_reader_201717.011.30070 — 17.011.30078

▶NVDadobe/acrobat_201717.011.30070 — 17.011.30078

▶NVDadobe/acrobat_reader_dc15.006.30394 — 15.006.30413+1

▶NVDadobe/acrobat_dc15.006.30394 — 15.006.30413+1

🔴Vulnerability Details

GHSA

GHSA-hx9p-2c67-r833: Adobe Acrobat and Reader versions 2018↗2022-05-13

▶

CVEList

CVE-2018-4917: Adobe Acrobat and Reader versions 2018↗2018-05-19

▶