CVE-2018-4910
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
27/02/2018
Last modified:
24/08/2020
Description
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file with crafted JavaScript code that manipulates the optional content group (OCG). A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* | 17.0 (including) | 17.011.30070 (including) |
| cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:* | -18.009.20050 (including) | |
| cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:* | 15.0 (including) | 15.006.30394 (including) |
| cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* | 17.0 (including) | 17.011.30070 (including) |
| cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:* | -18.009.20050 (including) | |
| cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:* | 15.0 (including) | 15.006.30394 (including) |
To consult the complete list of CPE names with products and versions, see this page