CVE-2019-7125 — Out-of-bounds Write in Adobe Acrobat DC

CWE-787 — Out-of-bounds Write CWE-194 — Unexpected Sign Extension8 documents7 sources

Severity

8.8HIGHNVD

EPSS

6.3%

top 9.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat DC Adobe Acrobat Reader DC Adobe Acrobat AND Reader

Timeline

PublishedMay 23

Latest updateMay 24

Description

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDadobe/acrobat_reader_dc15.006.30060 — 15.006.30482+2

▶CVEListV5adobe/adobe_acrobat_and_reader2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier versions

▶NVDadobe/acrobat_dc15.006.30060 — 15.006.30482+2

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-pm3f-h97g-5966: Adobe Acrobat and Reader versions 2019↗2022-05-24

▶

CVEList

CVE-2019-7125: Adobe Acrobat and Reader versions 2019↗2019-05-23

▶

📋Vendor Advisories

Red Hat

Reader: Out-of-bounds memory access due to incorrect integer size promotion leads to arbitrary code execution↗2019-02-01

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Adobe Acrobat Reader remote code execution↗2019-04-10

▶

Talos

Vulnerability Spotlight: Adobe Acrobat Reader remote code execution↗2019-04-10

▶

Zscaler

Zscaler found Adobe Security Vulnerabilities | 04-09-2019↗

▶

💬Community

Bugzilla

CVE-2019-7125 Adobe Reader: Out-of-bounds memory access due to incorrect integer size promotion leads to arbitrary code execution↗2019-04-10

▶