CVE-2018-4883

Опубликовано: 27 фев. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs because of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine that handles Enhanced Metafile Format (EMF). A successful attack can lead to sensitive data exposure.

Ссылки

http://www.securityfocus.com/bid/102996
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040364
Third Party Advisory
VDB Entry
https://helpx.adobe.com/security/products/acrobat/apsb18-02.html
Vendor Advisory
http://www.securityfocus.com/bid/102996
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040364
Third Party Advisory
VDB Entry
https://helpx.adobe.com/security/products/acrobat/apsb18-02.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*

Версия от 17.0 (исключая) до 17.011.30070 (включая)

cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*

Версия от - (включая) до 18.009.20050 (включая)

cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*

Версия от 15.0 (включая) до 15.006.30394 (включая)

cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*

Версия от 17.0 (включая) до 17.011.30070 (включая)

cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*

Версия от - (включая) до 18.009.20050 (включая)

cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*

Версия от 15.0 (включая) до 15.006.30394 (включая)

EPSS

Процентиль: 83%

0.0188

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-55f3-x82m-6229