Adobe Acrobat Reader Heap-based memory corruption [CVE-2019-7125]
| CVSS Meta Temp Score | Current Exploit Price (≈) |
|---|---|
| 7.2 | $5k-$25k |
A vulnerability was found in Adobe Acrobat Reader up to 2015.006.30482/2017.011.30127/2019.010.20098 (Document Reader Software). It has been declared as critical. This vulnerability affects a code block. The manipulation with an unknown input leads to a memory corruption vulnerability (Heap-based). The CWE definition for the vulnerability is CWE-119. As an impact it is known to affect confidentiality, integrity, and availability.
The weakness was published 04/09/2019 as APSB19-17 as confirmed security bulletin (Website). The advisory is available at helpx.adobe.com. This vulnerability was named CVE-2019-7125 since 01/28/2019. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $5k-$25k at the moment (estimation calculated on 05/24/2019).
Upgrading to version 2015.006.30493, 2017.011.30138 or 2019.010.20099 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
Similar entries are available at 135414, 135428 and 135429.
Vendor
Name
VulDB Meta Base Score: 7.5
VulDB Meta Temp Score: 7.2
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: ?
VulDB Reliability: ?
NVD Base Score: 8.8
NVD Vector: ?
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| ? | ? | ? | ? | ? | ? |
| ? | ? | ? | ? | ? | ? |
| ? | ? | ? | ? | ? | ? |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: ?
VulDB Temp Score: ?
VulDB Reliability: ?
Class: Memory corruption / Heap-based (CWE-119)
Local: No
Remote: Yes
Availability: ?
Status: Not defined
Price Prediction: ?
Current Price Estimation: ?
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Threat: ?
Adversaries: ?
Geopolitics: ?
Economy: ?
Predictions: ?
Remediation: ?Recommended: Upgrade
Status: ?
Reaction Time: ?
0-Day Time: ?
Exposure Time: ?
Upgrade: Acrobat Reader 2015.006.30493/2017.011.30138/2019.010.20099
01/28/2019 CVE assigned
04/09/2019 Advisory disclosed
04/09/2019 Countermeasure disclosed
05/24/2019 VulDB entry created
05/24/2019 VulDB last updateVendor: adobe.com
Advisory: APSB19-17
Status: Confirmed
CVE: CVE-2019-7125 (?)
See also: ?
Created: 05/24/2019 08:38 AM
Complete: ?
Comments
Upgrade your account now!
https://vuldb.com/?id.135430
Comments are closed.
No comments yet. Please log in to comment.