What is the severity of CVE-2018-4915?

CVE-2018-4915 is rated as critical due to the potential for arbitrary code execution.

What versions of Adobe Acrobat are affected by CVE-2018-4915?

CVE-2018-4915 affects Adobe Acrobat Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier.

How do I fix CVE-2018-4915?

To fix CVE-2018-4915, update to the latest versions of Adobe Acrobat Reader or Acrobat DC.

What type of vulnerability is CVE-2018-4915?

CVE-2018-4915 is a buffer overflow vulnerability that can lead to arbitrary code execution.

What are the possible consequences of exploiting CVE-2018-4915?

Exploiting CVE-2018-4915 may allow an attacker to execute arbitrary code on the victim’s machine.

Vulnerability/
CVE-2018-4915

high

8.8

CWE

787

27/2/2018

5/8/2024

26/2/2025

CVE-2018-4915: Adobe Acrobat Pro DC colorConvertPage Heap-based Buffer Overflow Remote Code Execution Vulnerability

First published: Tue Feb 27 2018(Updated: )

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the JavaScript API related to color conversion. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe Acrobat
Adobe Acrobat Reader	>=17.0<=17.011.30070
Adobe Acrobat Reader DC	>=-<=18.009.20050
Adobe Acrobat Reader DC	>=15.0<=15.006.30394
Adobe Acrobat Reader Notification Manager	>=17.0<=17.011.30070
Adobe Acrobat Reader	>=-<=18.009.20050
Adobe Acrobat Reader	>=15.0<=15.006.30394

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-4915?
CVE-2018-4915 is rated as critical due to the potential for arbitrary code execution.
What versions of Adobe Acrobat are affected by CVE-2018-4915?
CVE-2018-4915 affects Adobe Acrobat Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier.
How do I fix CVE-2018-4915?
To fix CVE-2018-4915, update to the latest versions of Adobe Acrobat Reader or Acrobat DC.
What type of vulnerability is CVE-2018-4915?
CVE-2018-4915 is a buffer overflow vulnerability that can lead to arbitrary code execution.
What are the possible consequences of exploiting CVE-2018-4915?
Exploiting CVE-2018-4915 may allow an attacker to execute arbitrary code on the victim’s machine.

agent/references
agent/title
agent/severity
agent/weakness
agent/author
agent/type
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/trending
agent/source
collector/zdi-advisory
alias/ZDI-18-212
alias/ZDI-CAN-5508
alias/CVE-2018-4915
agent/software-canonical-lookup-request
agent/event
agent/softwarecombine
agent/tags
collector/nvd-index
vendor/adobe
canonical/adobe acrobat
canonical/adobe acrobat reader
version/adobe acrobat reader/17.0
version/adobe acrobat reader/17.011.30070
canonical/adobe acrobat reader dc
version/adobe acrobat reader dc/-
version/adobe acrobat reader dc/18.009.20050
version/adobe acrobat reader dc/15.0
version/adobe acrobat reader dc/15.006.30394
canonical/adobe acrobat reader notification manager
version/adobe acrobat reader notification manager/17.0
version/adobe acrobat reader notification manager/17.011.30070
version/adobe acrobat reader/-
version/adobe acrobat reader/18.009.20050
version/adobe acrobat reader/15.0
version/adobe acrobat reader/15.006.30394