CVE-2021-39834 — Out-of-bounds Read in Adobe Framemaker

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

3.3LOWNVD

EPSS

1.4%

top 19.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Framemaker

Timeline

PublishedSep 29

Latest updateMay 24

Description

Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5adobe/framemakerunspecified — 2020.2+2

▶NVDadobe/framemaker2020.0.1 — 2020.0.2+1

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-5hh2-rr8p-rqmr: Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that↗2022-05-24

▶

CVEList

Adobe FrameMaker TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability↗2021-09-29

▶