CVE-2018-4893

MEDIUM EXPLOITED

Adobe Acrobat and Reader < 17.011.30070, < 18.009.20050, < 15.006.30394 - Out-of-bounds Read in XPS Font Processing

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2018-4893 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of XPS font processing. A successful attack can lead to sensitive data exposure.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102996
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040364

Scores

CVSS v3 6.5
EPSS 0.1099
EPSS Percentile 95.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2020-06-03
CWE
CWE-125
Status published
Products (6)
adobe/acrobat 17.0 - 17.011.30070
adobe/acrobat_dc - - 18.009.20050
adobe/acrobat_dc 15.0 - 15.006.30394
adobe/acrobat_reader 17.0 - 17.011.30070
adobe/acrobat_reader_dc - - 18.009.20050
adobe/acrobat_reader_dc 15.0 - 15.006.30394
Published Feb 27, 2018
Tracked Since Feb 18, 2026