CVE-2020-3740 — Out-of-bounds Write in Adobe Framemaker

CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents5 sources

Severity

9.8CRITICALNVD

EPSS

8.0%

top 7.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Framemaker Adobe Framemaker

Timeline

PublishedFeb 13

Latest updateMay 24

Description

Adobe Framemaker versions 2019.0.4 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDadobe/framemaker2019.0.4

▶CVEListV5adobe/adobe_framemaker2019.0.4 and below versions

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-xhmj-2p35-gj29: Adobe Framemaker versions 2019↗2022-05-24

▶

CVEList

CVE-2020-3740: Adobe Framemaker versions 2019↗2020-02-13

▶

📋Vendor Advisories

Oracle

Oracle Oracle Enterprise Manager Risk Matrix: Comp Management and Life Cycle Management (RSA BSAFE Crypto-J) — CVE-2019-3740↗2020-10-15

▶

Oracle

Oracle Oracle Retail Applications Risk Matrix: SIM Integration (BSAFE Crypto-J) — CVE-2019-3740↗2020-07-15

▶

💬Community

Bugzilla

CVE-2020-6575 chromium-browser: Race in Mojo↗2020-09-08

▶

Bugzilla

CVE-2020-6573 chromium-browser: Use after free in video↗2020-09-08

▶

Bugzilla

CVE-2020-6576 chromium-browser: Use after free in offscreen canvas↗2020-09-08

▶

Bugzilla

CVE-2020-15959 chromium-browser: Insufficient policy enforcement in networking↗2020-09-08

▶

Bugzilla

CVE-2020-6574 chromium-browser: Insufficient policy enforcement in installer↗2020-09-08

▶