CVE-2018-4904
HIGHAdobe Acrobat and Reader < 17.011.30070, < 18.009.20050, < 15.006.30394 - Out-of-bounds Write via TIFF Data in XPS File
Title source: llmDescription
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability. The vulnerability is triggered by crafted TIFF data within an XPS file, which causes an out of bounds memory access. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
References (4)
Core 4
Core References
Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-18-170/
Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/acrobat/apsb18-02.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102992
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040364
Scores
CVSS v3
8.8
EPSS
0.4342
EPSS Percentile
98.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (6)
adobe/acrobat
17.0 - 17.011.30070
adobe/acrobat_dc
- - 18.009.20050
adobe/acrobat_dc
15.0 - 15.006.30394
adobe/acrobat_reader
17.0 - 17.011.30070
adobe/acrobat_reader_dc
- - 18.009.20050
adobe/acrobat_reader_dc
15.0 - 15.006.30394
Published
Feb 27, 2018
Tracked Since
Feb 18, 2026