What is the severity of CVE-2018-4904?

CVE-2018-4904 is rated as critical due to the potential for remote code execution via heap overflow.

How do I fix CVE-2018-4904?

To fix CVE-2018-4904, update Adobe Acrobat Reader to the latest version available.

What products are affected by CVE-2018-4904?

CVE-2018-4904 affects Adobe Acrobat Reader and Adobe Acrobat Pro DC versions prior to specific releases listed in the vulnerability details.

What kind of exploit is CVE-2018-4904?

CVE-2018-4904 can be exploited through specially crafted TIFF files that cause a heap overflow.

Is CVE-2018-4904 exploitable remotely?

Yes, CVE-2018-4904 can be exploited remotely without the need for local access to the vulnerable system.

Vulnerability/
CVE-2018-4904

high

8.8

CWE

787

27/2/2018

5/8/2024

26/2/2025

CVE-2018-4904: Adobe Acrobat Pro DC ImageConversion XPS TIFF dir count Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

First published: Tue Feb 27 2018(Updated: )

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability. The vulnerability is triggered by crafted TIFF data within an XPS file, which causes an out of bounds memory access. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe Acrobat
Adobe Acrobat Reader	>=17.0<=17.011.30070
Adobe Acrobat Reader DC	>=-<=18.009.20050
Adobe Acrobat Reader DC	>=15.0<=15.006.30394
Adobe Acrobat Reader Notification Manager	>=17.0<=17.011.30070
Adobe Acrobat Reader	>=-<=18.009.20050
Adobe Acrobat Reader	>=15.0<=15.006.30394

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-4904?
CVE-2018-4904 is rated as critical due to the potential for remote code execution via heap overflow.
How do I fix CVE-2018-4904?
To fix CVE-2018-4904, update Adobe Acrobat Reader to the latest version available.
What products are affected by CVE-2018-4904?
CVE-2018-4904 affects Adobe Acrobat Reader and Adobe Acrobat Pro DC versions prior to specific releases listed in the vulnerability details.
What kind of exploit is CVE-2018-4904?
CVE-2018-4904 can be exploited through specially crafted TIFF files that cause a heap overflow.
Is CVE-2018-4904 exploitable remotely?
Yes, CVE-2018-4904 can be exploited remotely without the need for local access to the vulnerable system.

agent/references
agent/type
agent/severity
agent/author
agent/title
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/trending
agent/source
collector/zdi-advisory
alias/ZDI-18-170
alias/ZDI-CAN-5463
alias/CVE-2018-4904
agent/software-canonical-lookup-request
agent/event
agent/softwarecombine
agent/tags
collector/nvd-index
vendor/adobe
canonical/adobe acrobat
canonical/adobe acrobat reader
version/adobe acrobat reader/17.0
version/adobe acrobat reader/17.011.30070
canonical/adobe acrobat reader dc
version/adobe acrobat reader dc/-
version/adobe acrobat reader dc/18.009.20050
version/adobe acrobat reader dc/15.0
version/adobe acrobat reader dc/15.006.30394
canonical/adobe acrobat reader notification manager
version/adobe acrobat reader notification manager/17.0
version/adobe acrobat reader notification manager/17.011.30070
version/adobe acrobat reader/-
version/adobe acrobat reader/18.009.20050
version/adobe acrobat reader/15.0
version/adobe acrobat reader/15.006.30394