CVE-2018-4915

HIGH

Adobe Acrobat and Reader Out-of-bounds Write via JavaScript Color Conversion API

Title source: llm
STIX 2.1

Description

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the JavaScript API related to color conversion. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040364
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102994

Scores

CVSS v3 8.8
EPSS 0.1533
EPSS Percentile 96.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (6)
adobe/acrobat 17.0 - 17.011.30070
adobe/acrobat_dc - - 18.009.20050
adobe/acrobat_dc 15.0 - 15.006.30394
adobe/acrobat_reader 17.0 - 17.011.30070
adobe/acrobat_reader_dc - - 18.009.20050
adobe/acrobat_reader_dc 15.0 - 15.006.30394
Published Feb 27, 2018
Tracked Since Feb 18, 2026