CVE-2018-4895
First published: Tue Feb 27 2018(Updated: )
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | >=17.0<=17.011.30070 | |
| Adobe Acrobat Dc | >=-<=18.009.20050 | |
| Adobe Acrobat Dc | >=15.0<=15.006.30394 | |
| Adobe Acrobat Reader | >=17.0<=17.011.30070 | |
| Adobe Acrobat Reader DC | >=-<=18.009.20050 | |
| Adobe Acrobat Reader DC | >=15.0<=15.006.30394 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/tags
- agent/softwarecombine
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/17.0
- version/adobe acrobat reader/17.011.30070
- canonical/adobe acrobat dc
- version/adobe acrobat dc/-
- version/adobe acrobat dc/18.009.20050
- version/adobe acrobat dc/15.0
- version/adobe acrobat dc/15.006.30394
- canonical/adobe acrobat reader dc
- version/adobe acrobat reader dc/-
- version/adobe acrobat reader dc/18.009.20050
- version/adobe acrobat reader dc/15.0
- version/adobe acrobat reader dc/15.006.30394