CVE-2018-4903 - OpenCVE

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Adobe	Acrobat Reader Acrobat Reader Dc Acrobat Dc Acrobat

Configuration 1 [-]

OR	cpe:2.3:a:adobe:acrobat::::::::
	cpe:2.3:a:adobe:acrobat_dc:::::continuous:::*
	cpe:2.3:a:adobe:acrobat_dc:::::classic:::*
	cpe:2.3:a:adobe:acrobat_reader::::::::
	cpe:2.3:a:adobe:acrobat_reader_dc:::::continuous:::*
	cpe:2.3:a:adobe:acrobat_reader_dc:::::classic:::*

References

Link	Resource
http://www.securityfocus.com/bid/102996	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040364	Third Party Advisory VDB Entry
https://helpx.adobe.com/security/products/acrobat/apsb18-02.html	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-18-169/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: adobe

Published: 2018-02-27T05:00:00

Updated: 2018-02-27T10:57:01

Reserved: 2018-01-03T00:00:00

Link: CVE-2018-4903

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-02-27T05:29:01.657

Modified: 2018-03-19T17:14:47.027

Link: CVE-2018-4903

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"containers": {"cna": {"affected": [{"product": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", "vendor": "n/a", "versions": [{"status": "affected", "version": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"}]}], "datePublic": "2018-02-26T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure."}], "problemTypes": [{"descriptions": [{"description": "Out-of-bounds read", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-27T10:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"name": "102996", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102996"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"}, {"name": "1040364", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040364"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2018-4903", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", "version": {"version_data": [{"version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Out-of-bounds read"}]}]}, "references": {"reference_data": [{"name": "102996", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102996"}, {"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"}, {"name": "1040364", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040364"}]}}}}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2018-4903", "datePublished": "2018-02-27T05:00:00", "dateReserved": "2018-01-03T00:00:00", "dateUpdated": "2018-02-27T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AA5E332-A7C9-40EE-AA1D-ECD20C6AC948", "versionEndIncluding": "17.011.30070", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", "matchCriteriaId": "5561E635-D92E-4598-9D10-2FB1F7B3AD82", "versionEndIncluding": "18.009.20050", "versionStartIncluding": "-", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*", "matchCriteriaId": "665540E1-CF26-4390-BC76-5FEF40E7DB9F", "versionEndIncluding": "15.006.30394", "versionStartIncluding": "15.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E402EC4-3717-4634-90E9-BDE1C76FAB5E", "versionEndIncluding": "17.011.30070", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", "matchCriteriaId": "381AB5FE-10AE-4B06-9CAD-0614295928BA", "versionEndIncluding": "18.009.20050", "versionStartIncluding": "-", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*", "matchCriteriaId": "68EEAB61-2409-432D-B10F-0B59FC4EB1E1", "versionEndIncluding": "15.006.30394", "versionStartIncluding": "15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure."}, {"lang": "es", "value": "Se ha descubierto un problema en Adobe Acrobat Reader 2018.009.20050 y anteriores, 2017.011.30070 y anteriores y 2015.006.30394 y anteriores. Esta vulnerabilidad ocurre como resultado de un c\u00e1lculo que lee datos m\u00e1s all\u00e1 del final del b\u00fafer objetivo; el c\u00e1lculo forma parte del procesamiento TIFF en el m\u00f3dulo XPS. Un ataque con \u00e9xito podr\u00eda conducir a la exposici\u00f3n de datos sensibles."}], "id": "CVE-2018-4903", "lastModified": "2018-03-19T17:14:47.027", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-27T05:29:01.657", "references": [{"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102996"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040364"}, {"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"}, {"source": "nvd@nist.gov", "tags": ["Third Party Advisory"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-169/"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}