CVE-2018-4898: Adobe Acrobat Pro DC ImageConversion XPS Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
First published: Tue Feb 27 2018(Updated: )
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the XPS engine that adds vector graphics and images to a fixed page. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat DC | ||
| Adobe Acrobat Reader | >=17.0<=17.011.30070 | |
| Adobe Acrobat | >=-<=18.009.20050 | |
| Adobe Acrobat | >=15.0<=15.006.30394 | |
| Adobe Acrobat Reader | >=17.0<=17.011.30070 | |
| Adobe Acrobat Reader | >=-<=18.009.20050 | |
| Adobe Acrobat Reader | >=15.0<=15.006.30394 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-4898?
CVE-2018-4898 is rated as critical due to its potential to allow arbitrary code execution.
How do I fix CVE-2018-4898?
To remediate CVE-2018-4898, update Adobe Acrobat Reader and Acrobat Pro DC to the latest version as recommended by Adobe.
What versions are affected by CVE-2018-4898?
CVE-2018-4898 affects Adobe Acrobat Reader versions 2018.009.20050 and earlier, as well as Acrobat Pro DC and Acrobat DC classics up to specific earlier versions.
What type of attack can exploit CVE-2018-4898?
CVE-2018-4898 can be exploited by attackers to execute arbitrary code on the victim's machine, compromising the system.
Is there a workaround for CVE-2018-4898 if I can't update right away?
While the best solution is to update, users may temporarily limit PDF file access from untrusted sources to mitigate the risks associated with CVE-2018-4898.
- agent/references
- agent/type
- agent/title
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/trending
- agent/source
- collector/zdi-advisory
- alias/ZDI-18-208
- alias/ZDI-CAN-5546
- alias/CVE-2018-4898
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- agent/event
- collector/nvd-index
- vendor/adobe
- canonical/adobe acrobat dc
- canonical/adobe acrobat reader
- version/adobe acrobat reader/17.0
- version/adobe acrobat reader/17.011.30070
- canonical/adobe acrobat
- version/adobe acrobat/-
- version/adobe acrobat/18.009.20050
- version/adobe acrobat/15.0
- version/adobe acrobat/15.006.30394
- version/adobe acrobat reader/-
- version/adobe acrobat reader/18.009.20050
- version/adobe acrobat reader/15.0
- version/adobe acrobat reader/15.006.30394