CVE-2018-4883
Severity CVSS v4.0:
Pending analysis
Type:
CWE-125
Out-of-bounds Read
Publication date:
27/02/2018
Last modified:
16/03/2018
Description
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs because of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine that handles Enhanced Metafile Format (EMF). A successful attack can lead to sensitive data exposure.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* | 17.0 (excluding) | 17.011.30070 (including) |
| cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:* | -18.009.20050 (including) | |
| cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:* | 15.0 (including) | 15.006.30394 (including) |
| cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* | 17.0 (including) | 17.011.30070 (including) |
| cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:* | -18.009.20050 (including) | |
| cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:* | 15.0 (including) | 15.006.30394 (including) |
To consult the complete list of CPE names with products and versions, see this page