Description
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the string literal parser. A successful attack can lead to sensitive data exposure.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102996
Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/acrobat/apsb18-02.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040364
Scores
CVSS v3
6.5
EPSS
0.0187
EPSS Percentile
83.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-125
Status
published
Products (6)
adobe/acrobat
17.0 - 17.011.30070
adobe/acrobat_dc
15.0 - 15.006.30394
adobe/acrobat_dc
18.0 - 18.009.20050
adobe/acrobat_reader
17.0 - 17.011.30070
adobe/acrobat_reader_dc
15.0 - 15.006.30394
adobe/acrobat_reader_dc
18.0 - 18.009.20050
Published
Feb 27, 2018
Tracked Since
Feb 18, 2026