CVE-2018-4884 Information

Feb 14, 2021 cve

Description

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions 2017.011.30070 and earlier versions 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format (EMF) data that embeds an image in the bitmap (BMP) file format. A successful attack can lead to sensitive data exposure.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/102996 http://www.securitytracker.com/id/1040364 https://helpx.adobe.com/security/products/acrobat/apsb18-02.html https://www.zerodayinitiative.com/advisories/ZDI-18-181/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5

Share on: