nvd-json-data-feeds/CVE-2018/CVE-2018-48xx/CVE-2018-4890.json

{
  "id": "CVE-2018-4890",
  "sourceIdentifier": "psirt@adobe.com",
  "published": "2018-02-27T05:29:00.953",
  "lastModified": "2019-10-03T00:03:26.223",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the image conversion engine, when handling JPEG data embedded within an XPS file. A successful attack can lead to code corruption, control-flow hijack, or an information leak attack."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en Adobe Acrobat Reader 2018.009.20050 y anteriores, 2017.011.30070 y anteriores y 2015.006.30394 y anteriores. La vulnerabilidad es un ejemplo de vulnerabilidad de desbordamiento de memoria din\u00e1mica (heap) en el motor de conversi\u00f3n de imagen al gestionar datos JPEG embebidos en un archivo XPS. Un ataque con \u00e9xito puede conducir a la corrupci\u00f3n del c\u00f3digo, el secuestro del flujo de control o a un ataque de filtrado de informaci\u00f3n."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "17.0",
              "versionEndIncluding": "17.011.30070",
              "matchCriteriaId": "6AA5E332-A7C9-40EE-AA1D-ECD20C6AC948"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
              "versionStartIncluding": "-",
              "versionEndIncluding": "18.009.20050",
              "matchCriteriaId": "5561E635-D92E-4598-9D10-2FB1F7B3AD82"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",
              "versionStartIncluding": "15.0",
              "versionEndIncluding": "15.006.30394",
              "matchCriteriaId": "665540E1-CF26-4390-BC76-5FEF40E7DB9F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "17.0",
              "versionEndIncluding": "17.011.30070",
              "matchCriteriaId": "2E402EC4-3717-4634-90E9-BDE1C76FAB5E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
              "versionStartIncluding": "-",
              "versionEndIncluding": "18.009.20050",
              "matchCriteriaId": "381AB5FE-10AE-4B06-9CAD-0614295928BA"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*",
              "versionStartIncluding": "15.0",
              "versionEndIncluding": "15.006.30394",
              "matchCriteriaId": "68EEAB61-2409-432D-B10F-0B59FC4EB1E1"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/102992",
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1040364",
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html",
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}