Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2006-3459

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-03 Aug, 2006 | 01:00
Updated At-07 Aug, 2024 | 18:30
Rejected At-
Credits

Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:03 Aug, 2006 | 01:00
Updated At:07 Aug, 2024 | 18:30
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
vendor-advisory
x_refsource_SGI
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
vendor-advisory
x_refsource_APPLE
http://www.vupen.com/english/advisories/2007/3486
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/21501
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:136
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/21537
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/21632
third-party-advisory
x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml
vendor-advisory
x_refsource_GENTOO
http://secunia.com/advisories/21338
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-330-1
vendor-advisory
x_refsource_UBUNTU
http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/3101
vdb-entry
x_refsource_VUPEN
http://securitytracker.com/id?1016628
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/21253
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2006/dsa-1137
vendor-advisory
x_refsource_DEBIAN
http://secunia.com/advisories/21370
third-party-advisory
x_refsource_SECUNIA
http://securitytracker.com/id?1016671
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/21598
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0648.html
vendor-advisory
x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137
vendor-advisory
x_refsource_MANDRIVA
http://www.securityfocus.com/bid/19289
vdb-entry
x_refsource_BID
http://secunia.com/advisories/27222
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/4034
vdb-entry
x_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA06-214A.html
third-party-advisory
x_refsource_CERT
http://www.novell.com/linux/security/advisories/2006_44_libtiff.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/21290
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/21274
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3105
vdb-entry
x_refsource_VUPEN
http://secunia.com/blog/76
x_refsource_MISC
http://secunia.com/advisories/27181
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0603.html
vendor-advisory
x_refsource_REDHAT
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
vendor-advisory
x_refsource_SGI
http://secunia.com/advisories/21304
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/19283
vdb-entry
x_refsource_BID
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
vendor-advisory
x_refsource_SLACKWARE
https://issues.rpath.com/browse/RPL-558
x_refsource_CONFIRM
http://secunia.com/advisories/27832
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/21346
third-party-advisory
x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
vendor-advisory
x_refsource_SUNALERT
http://secunia.com/advisories/21319
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/21392
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/21334
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/22036
third-party-advisory
x_refsource_SECUNIA
http://www.osvdb.org/27723
vdb-entry
x_refsource_OSVDB
http://lwn.net/Alerts/194228/
vendor-advisory
x_refsource_TRUSTIX
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
vendor-advisory
x_refsource_SUNALERT
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
Resource:
vendor-advisory
x_refsource_SGI
Hyperlink: http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.vupen.com/english/advisories/2007/3486
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/21501
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:136
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/21537
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/21632
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://secunia.com/advisories/21338
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/usn-330-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2006/3101
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://securitytracker.com/id?1016628
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/21253
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2006/dsa-1137
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/21370
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://securitytracker.com/id?1016671
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/21598
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0648.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:137
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.securityfocus.com/bid/19289
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/27222
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2007/4034
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA06-214A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://www.novell.com/linux/security/advisories/2006_44_libtiff.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/21290
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/21274
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2006/3105
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/blog/76
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/27181
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0603.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
Resource:
vendor-advisory
x_refsource_SGI
Hyperlink: http://secunia.com/advisories/21304
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/19283
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: https://issues.rpath.com/browse/RPL-558
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/27832
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/21346
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://secunia.com/advisories/21319
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/21392
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/21334
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/22036
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.osvdb.org/27723
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://lwn.net/Alerts/194228/
Resource:
vendor-advisory
x_refsource_TRUSTIX
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
Resource:
vendor-advisory
x_refsource_SUNALERT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
vendor-advisory
x_refsource_SGI
x_transferred
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.vupen.com/english/advisories/2007/3486
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/21501
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2006:136
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/21537
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/21632
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://secunia.com/advisories/21338
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/usn-330-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2006/3101
vdb-entry
x_refsource_VUPEN
x_transferred
http://securitytracker.com/id?1016628
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/21253
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2006/dsa-1137
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://secunia.com/advisories/21370
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://securitytracker.com/id?1016671
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/21598
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2006-0648.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.securityfocus.com/bid/19289
vdb-entry
x_refsource_BID
x_transferred
http://secunia.com/advisories/27222
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2007/4034
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.us-cert.gov/cas/techalerts/TA06-214A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://www.novell.com/linux/security/advisories/2006_44_libtiff.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/21290
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/21274
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2006/3105
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/blog/76
x_refsource_MISC
x_transferred
http://secunia.com/advisories/27181
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2006-0603.html
vendor-advisory
x_refsource_REDHAT
x_transferred
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
vendor-advisory
x_refsource_SGI
x_transferred
http://secunia.com/advisories/21304
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/19283
vdb-entry
x_refsource_BID
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
vendor-advisory
x_refsource_SLACKWARE
x_transferred
https://issues.rpath.com/browse/RPL-558
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/27832
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/21346
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://secunia.com/advisories/21319
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/21392
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/21334
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/22036
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.osvdb.org/27723
vdb-entry
x_refsource_OSVDB
x_transferred
http://lwn.net/Alerts/194228/
vendor-advisory
x_refsource_TRUSTIX
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
Resource:
vendor-advisory
x_refsource_SGI
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/3486
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/21501
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:136
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/21537
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/21632
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://secunia.com/advisories/21338
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-330-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/3101
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://securitytracker.com/id?1016628
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/21253
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2006/dsa-1137
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/21370
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://securitytracker.com/id?1016671
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/21598
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0648.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:137
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/19289
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/27222
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/4034
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA06-214A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2006_44_libtiff.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/21290
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/21274
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/3105
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/blog/76
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/27181
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0603.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
Resource:
vendor-advisory
x_refsource_SGI
x_transferred
Hyperlink: http://secunia.com/advisories/21304
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/19283
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: https://issues.rpath.com/browse/RPL-558
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/27832
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/21346
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://secunia.com/advisories/21319
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/21392
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/21334
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/22036
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.osvdb.org/27723
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://lwn.net/Alerts/194228/
Resource:
vendor-advisory
x_refsource_TRUSTIX
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:03 Aug, 2006 | 01:04
Updated At:03 Apr, 2025 | 01:03

Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
LibTIFF
libtiff
>>libtiff>>Versions up to 3.8.1(inclusive)
cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.4
cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.4
cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.4
cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.4
cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.4
cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.4
cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.4
cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.4
cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.4
cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.4
cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.4
cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.5.1
cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.5.2
cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.5.3
cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.5.4
cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.5.5
cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.5.6
cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.5.6
cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.5.7
cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.5.7
cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.5.7
cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.5.7
cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.5.7
cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.5.7
cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.6.0
cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.6.0
cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.6.0
cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.6.1
cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.7.0
cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.7.0
cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.7.0
cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.7.0
cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.7.1
cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.7.2
cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.7.3
cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.7.4
cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.8.0
cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>9.3.0
cpe:2.3:a:adobe:acrobat_reader:9.3.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2007-03-14T00:00:00

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References
HyperlinkSourceResource
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-Psecalert@redhat.com
N/A
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.ascsecalert@redhat.com
N/A
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.htmlsecalert@redhat.com
N/A
http://lwn.net/Alerts/194228/secalert@redhat.com
N/A
http://secunia.com/advisories/21253secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/21274secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/21290secalert@redhat.com
N/A
http://secunia.com/advisories/21304secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/21319secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/21334secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/21338secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/21346secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/21370secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/21392secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/21501secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/21537secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/21598secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/21632secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/22036secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27181secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27222secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/27832secalert@redhat.com
Vendor Advisory
http://secunia.com/blog/76secalert@redhat.com
Vendor Advisory
http://securitytracker.com/id?1016628secalert@redhat.com
N/A
http://securitytracker.com/id?1016671secalert@redhat.com
N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600secalert@redhat.com
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1secalert@redhat.com
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1secalert@redhat.com
N/A
http://support.avaya.com/elmodocs2/security/ASA-2006-166.htmsecalert@redhat.com
N/A
http://www.debian.org/security/2006/dsa-1137secalert@redhat.com
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200608-07.xmlsecalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2006:136secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137secalert@redhat.com
N/A
http://www.novell.com/linux/security/advisories/2006_44_libtiff.htmlsecalert@redhat.com
N/A
http://www.osvdb.org/27723secalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2006-0603.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2006-0648.htmlsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/19283secalert@redhat.com
N/A
http://www.securityfocus.com/bid/19289secalert@redhat.com
N/A
http://www.ubuntu.com/usn/usn-330-1secalert@redhat.com
N/A
http://www.us-cert.gov/cas/techalerts/TA06-214A.htmlsecalert@redhat.com
US Government Resource
http://www.vupen.com/english/advisories/2006/3101secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2006/3105secalert@redhat.com
Vendor Advisory
http://www.vupen.com/english/advisories/2007/3486secalert@redhat.com
Vendor Advisory
http://www.vupen.com/english/advisories/2007/4034secalert@redhat.com
Vendor Advisory
https://issues.rpath.com/browse/RPL-558secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497secalert@redhat.com
N/A
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-Paf854a3a-2127-422b-91ae-364da2661108
N/A
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.ascaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lwn.net/Alerts/194228/af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/21253af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21274af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21290af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/21304af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21319af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21334af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21338af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21346af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21370af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21392af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21501af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21537af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21598af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21632af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/22036af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27181af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27222af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/27832af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/blog/76af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securitytracker.com/id?1016628af854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1016671af854a3a-2127-422b-91ae-364da2661108
N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600af854a3a-2127-422b-91ae-364da2661108
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.avaya.com/elmodocs2/security/ASA-2006-166.htmaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2006/dsa-1137af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200608-07.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2006:136af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.novell.com/linux/security/advisories/2006_44_libtiff.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/27723af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2006-0603.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2006-0648.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/19283af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/19289af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/usn-330-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.us-cert.gov/cas/techalerts/TA06-214A.htmlaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.vupen.com/english/advisories/2006/3101af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2006/3105af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2007/3486af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2007/4034af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://issues.rpath.com/browse/RPL-558af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
Source: secalert@redhat.com
Resource: N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lwn.net/Alerts/194228/
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/21253
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21274
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21290
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/21304
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21319
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21334
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21338
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21346
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21370
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21392
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21501
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21537
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21598
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21632
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/22036
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/27181
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/27222
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/27832
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/blog/76
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1016628
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://securitytracker.com/id?1016671
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2006/dsa-1137
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:136
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:137
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2006_44_libtiff.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.osvdb.org/27723
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0603.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0648.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/19283
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/19289
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-330-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA06-214A.html
Source: secalert@redhat.com
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2006/3101
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/3105
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2007/3486
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2007/4034
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://issues.rpath.com/browse/RPL-558
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497
Source: secalert@redhat.com
Resource: N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lwn.net/Alerts/194228/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/21253
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21274
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21290
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/21304
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21319
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21334
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21338
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21346
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21370
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21392
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21501
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21537
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21598
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21632
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/22036
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/27181
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/27222
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/27832
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/blog/76
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1016628
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1016671
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2006/dsa-1137
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:136
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:137
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2006_44_libtiff.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/27723
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0603.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0648.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/19283
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/19289
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-330-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA06-214A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2006/3101
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/3105
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2007/3486
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2007/4034
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://issues.rpath.com/browse/RPL-558
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2552Records found
CVE-2004-1307
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.11% / 89.44%
||
7 Day CHG~0.00%
Published-04 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

Action-Not Available
Vendor-conectivascon/aLibTIFFGentoo Foundation, Inc.Silicon Graphics, Inc.Avaya LLCF5, Inc.Apple Inc.Sun Microsystems (Oracle Corporation)Mandriva (Mandrakesoft)
Product-cvlanmn100libtiffintegrated_managementicontrol_service_managermac_os_xlinuxintuity_audix_lxpropackmandrake_linux_corporate_serversolarisinteractive_responseunixwaremac_os_x_servermodular_messaging_message_storage_serversunoscall_management_system_servermandrake_linuxn/a
CVE-2004-0803
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-17.88% / 94.88%
||
7 Day CHG~0.00%
Published-26 Oct, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

Action-Not Available
Vendor-trustixpdflibwxgtk2n/aKDELibTIFFSUSERed Hat, Inc.Apple Inc.Mandriva (Mandrakesoft)
Product-secure_linuxlibtiffwxgtk2pdf_librarykdemac_os_x_serverenterprise_linux_desktopsuse_linuxfedora_coremac_os_xenterprise_linuxlinux_advanced_workstationmandrake_linuxn/a
CVE-2004-0629
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-20.76% / 95.38%
||
7 Day CHG~0.00%
Published-18 Aug, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5.0.5 and Acrobat Reader, and possibly other versions, allows remote attackers to execute arbitrary code via a URI for a PDF file with a null terminator (%00) followed by a long string.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobatacrobat_readern/a
CVE-2004-0194
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-18.00% / 94.90%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readern/a
CVE-2004-0632
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-23.15% / 95.72%
||
7 Day CHG~0.00%
Published-16 Jul, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer overflow.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobatacrobat_readern/a
CVE-2003-0508
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-16.99% / 94.71%
||
7 Day CHG~0.00%
Published-04 Jul, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Reader (acroread) 5.0.7 and earlier allows remote attackers to execute arbitrary code via a .pdf file with a long mailto link.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readern/a
CVE-2019-8221
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.27% / 89.61%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:26
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2003-0434
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-25.52% / 96.01%
||
7 Day CHG~0.00%
Published-18 Jun, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

Action-Not Available
Vendor-xpdfn/aRed Hat, Inc.Mandriva (Mandrakesoft)Adobe Inc.
Product-acrobatxpdfmandrake_linux_corporate_serverlinuxenterprise_linuxlinux_advanced_workstationmandrake_linuxn/a
CVE-2003-0284
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.22% / 78.29%
||
7 Day CHG-0.16%
Published-14 May, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobatn/a
CVE-2010-2861
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-94.29% / 99.93%
||
7 Day CHG~0.00%
Published-11 Aug, 2010 | 18:00
Updated-30 Jul, 2025 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-coldfusionn/aColdFusion
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-2233
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.37% / 84.34%
||
7 Day CHG~0.00%
Published-01 Jul, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input."

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2006-3465
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-12.48% / 93.66%
||
7 Day CHG~0.00%
Published-03 Aug, 2006 | 01:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CVE-1999-1576
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-25.95% / 96.06%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, PDF.PdfCtrl.1) 1.3.188 for Acrobat Reader 4.0 allows remote attackers to execute arbitrary code via the pdf.setview method.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readern/a
CVE-2017-11304
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-12.58% / 93.69%
||
7 Day CHG~0.00%
Published-09 Dec, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-photoshopAdobe Photoshop 18.1.1 (2017.1.1) and earlier versions
CWE ID-CWE-416
Use After Free
CVE-2008-1203
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.44% / 91.37%
||
7 Day CHG~0.00%
Published-12 Mar, 2008 | 00:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 does not log failed authentication attempts, which makes it easier for remote attackers to conduct brute force attacks without detection.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-coldfusionn/a
CVE-2008-5331
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.78% / 72.75%
||
7 Day CHG~0.00%
Published-05 Dec, 2008 | 00:00
Updated-17 Sep, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobatn/a
CWE ID-CWE-310
Not Available
CVE-2017-11283
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-23.86% / 95.80%
||
7 Day CHG~0.00%
Published-01 Dec, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-coldfusionAdobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-9671
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 63.64%
||
7 Day CHG~0.00%
Published-17 Jul, 2020 | 00:00
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-creative_cloud_desktop_applicationwindowsAdobe Creative Cloud Desktop Application
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-9669
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-1.24% / 78.45%
||
7 Day CHG~0.00%
Published-16 Jul, 2020 | 23:59
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a lack of exploit mitigations vulnerability. Successful exploitation could lead to privilege escalation.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowscreative_cloudAdobe Creative Cloud Desktop Application
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-9670
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-16 Jul, 2020 | 23:59
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to privilege escalation.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-creative_cloud_desktop_applicationwindowsAdobe Creative Cloud Desktop Application
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2009-1365
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.96% / 82.72%
||
7 Day CHG~0.00%
Published-01 May, 2009 | 17:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0.4 and 3.5.x before 3.5.2, as used in Flash Media Interactive Server and Flash Media Streaming Server, allows remote attackers to execute arbitrary remote procedures within an ActionScript file on the server via RPC requests.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-flash_media_servern/a
CVE-2019-19595
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.56% / 89.91%
||
7 Day CHG~0.00%
Published-05 Dec, 2019 | 15:25
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file.

Action-Not Available
Vendor-n/aAdobe Inc.PrestaShop S.A
Product-stock_api_integrationprestashopn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-19594
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.56% / 89.91%
||
7 Day CHG~0.00%
Published-05 Dec, 2019 | 15:26
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file.

Action-Not Available
Vendor-n/aAdobe Inc.PrestaShop S.A
Product-stock_api_integrationprestashopn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-16444
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-1.25% / 78.47%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 14:29
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a binary planting (default folder privilege escalation) vulnerability. Successful exploitation could lead to privilege escalation.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CVE-2007-2682
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.77% / 81.88%
||
7 Day CHG~0.00%
Published-18 May, 2007 | 18:00
Updated-07 Aug, 2024 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as used in Adobe Creative Suite 3 (CS3), does not re-enable the personal firewall after completing the product installation, which allows remote attackers to bypass intended firewall rules.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.
Product-creative_suitemac_os_xn/a
CVE-2020-3797
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-10.06% / 92.78%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 16:00
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3793
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-25.38% / 95.99%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 15:58
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2020-3795
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-14.19% / 94.11%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 15:58
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3783
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-24.98% / 95.95%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 20:31
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a heap corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-photoshop_2020windowsphotoshop_ccmacosAdobe Photoshop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3807
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-30.07% / 96.50%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 17:28
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-4878
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-93.28% / 99.80%
||
7 Day CHG-0.06%
Published-06 Feb, 2018 | 20:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||The impacted product is end-of-life and should be disconnected if still in use.

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft CorporationApple Inc.Red Hat, Inc.Google LLCLinux Kernel Organization, Inc
Product-windows_8.1macoschrome_oslinux_kernelenterprise_linux_desktopwindows_10flash_playerenterprise_linux_serverwindowsenterprise_linux_workstationAdobe Flash Player before 28.0.0.161Flash Player
CWE ID-CWE-416
Use After Free
CVE-2018-4995
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.37%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability. Successful exploitation could lead to a security bypass.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2020-3799
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-28.80% / 96.37%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 16:00
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-19716
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-15.50% / 94.40%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 17:00
Updated-05 Aug, 2024 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2008-1656
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.66% / 88.89%
||
7 Day CHG~0.00%
Published-09 Apr, 2008 | 19:00
Updated-07 Aug, 2024 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-coldfusionn/a
CWE ID-CWE-264
Not Available
CVE-2007-0046
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-64.86% / 98.40%
||
7 Day CHG-2.40%
Published-03 Jan, 2007 | 20:00
Updated-07 Aug, 2024 | 12:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readern/a
CVE-2020-3787
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-10.06% / 92.78%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 20:31
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-photoshop_2020windowsphotoshop_ccmacosAdobe Photoshop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3789
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-10.06% / 92.78%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 20:33
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-photoshop_2020windowsphotoshop_ccmacosAdobe Photoshop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3785
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-10.06% / 92.78%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 20:31
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-photoshop_2020windowsphotoshop_ccmacosAdobe Photoshop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3801
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-20.74% / 95.38%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 17:15
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2016-4121
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-3.92% / 87.83%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, and CVE-2016-4110.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kerneliphone_osflash_player_desktop_runtimeair_desktop_runtimeair_sdkair_sdk_\&_compilerwindowswindows_8.1mac_os_xandroidwindows_10n/a
CWE ID-CWE-416
Use After Free
CVE-2018-12828
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-14.98% / 94.29%
||
7 Day CHG~0.00%
Published-29 Aug, 2018 | 13:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation.

Action-Not Available
Vendor-n/aGoogle LLCAdobe Inc.Red Hat, Inc.Apple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-enterprise_linux_serverlinux_kernelwindows_8.1enterprise_linux_workstationchrome_osmac_os_xwindowswindows_10enterprise_linux_desktopflash_playerAdobe Flash Player 30.0.0.134 and earlier
CVE-2018-12808
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.25% / 83.91%
||
7 Day CHG~0.00%
Published-29 Aug, 2018 | 13:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-12848
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-25.26% / 95.98%
||
7 Day CHG+4.52%
Published-25 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAcrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-12829
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.10% / 83.37%
||
7 Day CHG~0.00%
Published-29 Aug, 2018 | 13:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Successful exploitation could lead to privilege escalation.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-creative_cloudAdobe Creative Cloud Desktop Application before 4.6.1
CWE ID-CWE-295
Improper Certificate Validation
CVE-2018-12825
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-14.98% / 94.29%
||
7 Day CHG~0.00%
Published-29 Aug, 2018 | 13:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass.

Action-Not Available
Vendor-n/aGoogle LLCAdobe Inc.Red Hat, Inc.Apple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-enterprise_linux_serverlinux_kernelwindows_8.1enterprise_linux_workstationchrome_osmac_os_xwindowswindows_10enterprise_linux_desktopflash_playerAdobe Flash Player 30.0.0.134 and earlier
CVE-2016-1114
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.34% / 84.23%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-coldfusionn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-12805
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.50% / 84.74%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-connectAdobe Connect 9.7.5 and earlier
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2018-12785
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-15.50% / 94.40%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-8668
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.58% / 91.46%
||
7 Day CHG~0.00%
Published-08 Jan, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.

Action-Not Available
Vendor-n/aRed Hat, Inc.LibTIFFOracle Corporation
Product-enterprise_linuxenterprise_linux_desktopvm_serverenterprise_linux_workstationlibtifflinuxn/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 51
  • 52
  • Next
Details not found