Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-0071

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-09 Apr, 2008 | 21:00
Updated At-07 Aug, 2024 | 12:03
Rejected At-
Credits

Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:09 Apr, 2008 | 21:00
Updated At:07 Aug, 2024 | 12:03
Rejected At:
▼CVE Numbering Authority (CNA)

Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id?1020114
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/29865
third-party-advisory
x_refsource_SECUNIA
http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf
x_refsource_MISC
http://secunia.com/advisories/30507
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/29386
vdb-entry
x_refsource_BID
http://www.us-cert.gov/cas/techalerts/TA08-149A.html
third-party-advisory
x_refsource_CERT
http://www.adobe.com/support/security/bulletins/apsb08-11.html
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/1724/references
vdb-entry
x_refsource_VUPEN
http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/
x_refsource_MISC
http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html
x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2008-0221.html
vendor-advisory
x_refsource_REDHAT
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
third-party-advisory
x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379
vdb-entry
signature
x_refsource_OVAL
http://www.zerodayinitiative.com/advisories/ZDI-08-032/
x_refsource_MISC
http://www.vupen.com/english/advisories/2008/1662/references
vdb-entry
x_refsource_VUPEN
http://www.osvdb.org/44282
vdb-entry
x_refsource_OSVDB
http://isc.sans.org/diary.html?storyid=4465
x_refsource_MISC
http://secunia.com/advisories/30430
third-party-advisory
x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
vendor-advisory
x_refsource_APPLE
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html
vendor-advisory
x_refsource_SUSE
http://www.securityfocus.com/bid/28695
vdb-entry
x_refsource_BID
http://secunia.com/advisories/29763
third-party-advisory
x_refsource_SECUNIA
http://www.securitytracker.com/id?1019811
vdb-entry
x_refsource_SECTRACK
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
vendor-advisory
x_refsource_SUNALERT
http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml
vendor-advisory
x_refsource_GENTOO
https://exchange.xforce.ibmcloud.com/vulnerabilities/37277
vdb-entry
x_refsource_XF
http://www.vupen.com/english/advisories/2008/1697
vdb-entry
x_refsource_VUPEN
http://www.kb.cert.org/vuls/id/159523
third-party-advisory
x_refsource_CERT-VN
http://www.us-cert.gov/cas/techalerts/TA08-100A.html
third-party-advisory
x_refsource_CERT
http://www.kb.cert.org/vuls/id/395473
third-party-advisory
x_refsource_CERT-VN
http://www.iss.net/threats/289.html
third-party-advisory
x_refsource_ISS
http://secunia.com/advisories/30404
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securitytracker.com/id?1020114
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/29865
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/30507
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/29386
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA08-149A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb08-11.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2008/1724/references
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/
Resource:
x_refsource_MISC
Hyperlink: http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html
Resource:
x_refsource_MISC
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0221.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA08-150A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-08-032/
Resource:
x_refsource_MISC
Hyperlink: http://www.vupen.com/english/advisories/2008/1662/references
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.osvdb.org/44282
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://isc.sans.org/diary.html?storyid=4465
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/30430
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.securityfocus.com/bid/28695
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/29763
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securitytracker.com/id?1019811
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/37277
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.vupen.com/english/advisories/2008/1697
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.kb.cert.org/vuls/id/159523
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA08-100A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://www.kb.cert.org/vuls/id/395473
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.iss.net/threats/289.html
Resource:
third-party-advisory
x_refsource_ISS
Hyperlink: http://secunia.com/advisories/30404
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id?1020114
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/29865
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf
x_refsource_MISC
x_transferred
http://secunia.com/advisories/30507
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/29386
vdb-entry
x_refsource_BID
x_transferred
http://www.us-cert.gov/cas/techalerts/TA08-149A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://www.adobe.com/support/security/bulletins/apsb08-11.html
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2008/1724/references
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/
x_refsource_MISC
x_transferred
http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html
x_refsource_MISC
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0221.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
third-party-advisory
x_refsource_CERT
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.zerodayinitiative.com/advisories/ZDI-08-032/
x_refsource_MISC
x_transferred
http://www.vupen.com/english/advisories/2008/1662/references
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.osvdb.org/44282
vdb-entry
x_refsource_OSVDB
x_transferred
http://isc.sans.org/diary.html?storyid=4465
x_refsource_MISC
x_transferred
http://secunia.com/advisories/30430
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.securityfocus.com/bid/28695
vdb-entry
x_refsource_BID
x_transferred
http://secunia.com/advisories/29763
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securitytracker.com/id?1019811
vdb-entry
x_refsource_SECTRACK
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/37277
vdb-entry
x_refsource_XF
x_transferred
http://www.vupen.com/english/advisories/2008/1697
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.kb.cert.org/vuls/id/159523
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.us-cert.gov/cas/techalerts/TA08-100A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://www.kb.cert.org/vuls/id/395473
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.iss.net/threats/289.html
third-party-advisory
x_refsource_ISS
x_transferred
http://secunia.com/advisories/30404
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securitytracker.com/id?1020114
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/29865
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/30507
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/29386
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA08-149A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb08-11.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/1724/references
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0221.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA08-150A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-08-032/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/1662/references
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.osvdb.org/44282
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://isc.sans.org/diary.html?storyid=4465
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/30430
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/28695
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/29763
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securitytracker.com/id?1019811
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/37277
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/1697
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/159523
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA08-100A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/395473
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.iss.net/threats/289.html
Resource:
third-party-advisory
x_refsource_ISS
x_transferred
Hyperlink: http://secunia.com/advisories/30404
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Apr, 2008 | 21:05
Updated At:30 Oct, 2018 | 16:26

Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Adobe Inc.
adobe
>>flash_player>>Versions from 8.0(inclusive) to 8.0.39.0(inclusive)
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>Versions from 9.0(inclusive) to 9.0.115.0(inclusive)
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-189Primarynvd@nist.gov
CWE ID: CWE-189
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.htmlcve@mitre.org
Vendor Advisory
http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdfcve@mitre.org
Broken Link
http://isc.sans.org/diary.html?storyid=4465cve@mitre.org
Third Party Advisory
http://lists.apple.com/archives/security-announce/2008//May/msg00001.htmlcve@mitre.org
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.htmlcve@mitre.org
Third Party Advisory
http://secunia.com/advisories/29763cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/29865cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/30404cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/30430cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/30507cve@mitre.org
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1cve@mitre.org
Broken Link
http://www.adobe.com/support/security/bulletins/apsb08-11.htmlcve@mitre.org
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200804-21.xmlcve@mitre.org
Third Party Advisory
http://www.iss.net/threats/289.htmlcve@mitre.org
Broken Link
http://www.kb.cert.org/vuls/id/159523cve@mitre.org
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/395473cve@mitre.org
Third Party Advisory
US Government Resource
http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/cve@mitre.org
Third Party Advisory
http://www.osvdb.org/44282cve@mitre.org
Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0221.htmlcve@mitre.org
Third Party Advisory
http://www.securityfocus.com/bid/28695cve@mitre.org
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/29386cve@mitre.org
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1019811cve@mitre.org
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1020114cve@mitre.org
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA08-100A.htmlcve@mitre.org
Third Party Advisory
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA08-149A.htmlcve@mitre.org
Third Party Advisory
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA08-150A.htmlcve@mitre.org
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2008/1662/referencescve@mitre.org
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1697cve@mitre.org
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1724/referencescve@mitre.org
Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-032/cve@mitre.org
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/37277cve@mitre.org
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379cve@mitre.org
Third Party Advisory
Hyperlink: http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://isc.sans.org/diary.html?storyid=4465
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
Source: cve@mitre.org
Resource:
Mailing List
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/29763
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/29865
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/30404
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/30430
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/30507
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb08-11.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.iss.net/threats/289.html
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.kb.cert.org/vuls/id/159523
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.kb.cert.org/vuls/id/395473
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.osvdb.org/44282
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0221.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/28695
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/29386
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1019811
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1020114
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA08-100A.html
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA08-149A.html
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA08-150A.html
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2008/1662/references
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2008/1697
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2008/1724/references
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-08-032/
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/37277
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10379
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1436Records found
CVE-2017-2948
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-8.20% / 91.85%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the XFA engine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-2930
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-73.56% / 98.75%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 24.0.0.186 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3014
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.67% / 85.22%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in XML Forms Architecture (XFA) related to reset form functionality. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.
CWE ID-CWE-416
Use After Free
CVE-2017-3047
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.54% / 87.22%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript engine's annotation-related API. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.
CWE ID-CWE-416
Use After Free
CVE-2017-2945
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-8.44% / 91.97%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing TIFF image files. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-2928
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.06% / 76.74%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 24.0.0.186 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-43028
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.80% / 82.05%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-23 Apr, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Rush M4A File Memory Corruption Remote Code Execution

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspremiere_rushPremiere Rush
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3068
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-38.10% / 97.11%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linuxwindows_10flash_playermac_os_xAdobe Flash Player 25.0.0.148 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2963
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.52% / 84.81%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to handling of the color profile in a TIFF file. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-43015
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.99% / 75.93%
||
7 Day CHG~0.00%
Published-22 Nov, 2021 | 15:32
Updated-23 Apr, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe InCopy GIF File Parsing Memory Corruption Arbitrary Code Execution

Adobe InCopy version 16.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-incopywindowsmacosInCopy
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-42270
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.29% / 78.80%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 16:43
Updated-23 Apr, 2025 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file.

Action-Not Available
Vendor-Adobe Inc.
Product-animateAnimate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3025
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.53% / 84.85%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability related to internal object representation manipulation. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-42532
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.72% / 71.56%
||
7 Day CHG~0.00%
Published-02 May, 2022 | 22:24
Updated-17 Sep, 2024 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XMP-Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

Action-Not Available
Vendor-Debian GNU/LinuxAdobe Inc.
Product-xmp_toolkit_software_development_kitdebian_linuxXMP Toolkit
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-43029
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.80% / 82.05%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-23 Apr, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Rush M4A File Memory Corruption Remote Code Execution

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspremiere_rushPremiere Rush
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3117
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-29.15% / 96.41%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the plugin that handles links within the PDF. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-3041
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.90% / 85.81%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing font data in the MakeAccessible plugin. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-3011
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-6.26% / 90.53%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the CCITT fax PDF filter. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-2991
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.18% / 77.85%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2998
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.00% / 76.06%
||
7 Day CHG~0.00%
Published-14 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-chrome_oslinux_kernelflash_player_desktop_runtimewindows_8.1windowswindows_10flash_playermac_os_xAdobe Flash Player 24.0.0.221 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42529
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.62% / 69.07%
||
7 Day CHG~0.00%
Published-02 May, 2022 | 22:24
Updated-16 Sep, 2024 | 23:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XMP-Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

Action-Not Available
Vendor-Debian GNU/LinuxAdobe Inc.
Product-xmp_toolkit_software_development_kitdebian_linuxXMP Toolkit
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42524
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.29% / 78.80%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 16:45
Updated-23 Apr, 2025 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsanimateAnimate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2006-5857
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-22.24% / 95.59%
||
7 Day CHG~0.00%
Published-10 Jan, 2007 | 02:00
Updated-07 Aug, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readeracrobatn/a
CWE ID-CWE-399
Not Available
CVE-2021-42267
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.95% / 75.42%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 16:40
Updated-23 Apr, 2025 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate FLA File Parsing Memory Corruption Arbitrary Code Execution

Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious FLA file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.
Product-animateAnimate
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-42731
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.93% / 75.12%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 21:10
Updated-23 Apr, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Indesign Buffer Overflow Could Lead to Remote Code Execution

Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsindesignmacosInDesign
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-42530
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.62% / 69.07%
||
7 Day CHG~0.00%
Published-02 May, 2022 | 22:24
Updated-16 Sep, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XMP-Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution

XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

Action-Not Available
Vendor-Debian GNU/LinuxAdobe Inc.
Product-xmp_toolkit_software_development_kitdebian_linuxXMP Toolkit
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-43025
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.80% / 82.05%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-23 Apr, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Rush SVG File Memory Corruption Remote Code Execution

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspremiere_rushPremiere
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42526
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.80% / 82.05%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-23 Apr, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Elements WAV file memory corruption vulnerability could lead to arbitrary code execution

Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-premiere_elementswindowsmacosPremiere Elements
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-43024
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.80% / 82.05%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-23 Apr, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Rush WAV File Memory Corruption Remote Code Execution

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspremiere_rushPremiere Rush
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42738
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.80% / 82.05%
||
7 Day CHG~0.00%
Published-22 Nov, 2021 | 15:25
Updated-23 Apr, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Prelude MXF File Parsing Memory Corruption Arbitrary Code Execution

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspreludePrelude
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-43026
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.80% / 82.05%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-23 Apr, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Rush MXF File Memory Corruption Remote Code Execution

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspremiere_rushPremiere Rush
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42721
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.95% / 87.88%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 20:02
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge Use After Free could lead to Arbitrary code execution

Acrobat Bridge versions 11.1.1 and earlier are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsmedia_encoderBridge
CWE ID-CWE-416
Use After Free
CVE-2021-43023
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.85% / 85.69%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-23 Apr, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Rush EPS/TIFF File Memory Corruption Remote Code Execution

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EPS/TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspremiere_rushPremiere
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42272
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.29% / 78.80%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 16:44
Updated-23 Apr, 2025 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsanimateAnimate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42269
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.82% / 82.11%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 16:42
Updated-23 Apr, 2025 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate FLA File Parsing Use After Free Remote Code Execution

Adobe Animate version 21.0.9 (and earlier) are affected by a use-after-free vulnerability in the processing of a malformed FLA file that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-animateAnimate
CWE ID-CWE-416
Use After Free
CVE-2021-42271
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.29% / 78.80%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 16:43
Updated-23 Apr, 2025 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file.

Action-Not Available
Vendor-Adobe Inc.
Product-animateAnimate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-40754
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.73% / 81.65%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 16:19
Updated-23 Apr, 2025 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effects WAV File Parsing Memory Corruption Arbitrary Code Execution

Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsafter_effectsAfter Effects
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40765
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.89% / 74.57%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-16 Sep, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Character Animator Memory Corruption could lead to Arbitrary code execution

Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowscharacter_animatormacosCharacter Animator (Preview 4)
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40702
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.83% / 87.68%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 15:42
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Elements psd Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-premiere_elementswindowsmacosPremiere
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40738
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.89% / 74.57%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-23 Apr, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Audition WAV file Memory corruption could lead to Arbitrary code execution

Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsauditionmacosAudition
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40735
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.83% / 87.68%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-23 Apr, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Audition Memory Corruption could lead to Arbitrary code execution

Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsauditionmacosAudition
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40755
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.88% / 74.43%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 16:20
Updated-23 Apr, 2025 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effects SGI File Parsing Memory Corruption Arbitrary Code Execution

Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SGI file in the DoReadContinue function, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsafter_effectsAfter Effects
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40760
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.63% / 81.12%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 16:27
Updated-23 Apr, 2025 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effects M4A File Parsing Memory Corruption Arbitrary Code Execution

Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsafter_effectsAfter Effects
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40740
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.89% / 74.57%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-23 Apr, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Audition Memory Corruption could lead to Arbitrary code execution

Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsauditionmacosAudition
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40758
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.63% / 81.12%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 16:26
Updated-23 Apr, 2025 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effects WAV File Parsing Memory Corruption Arbitrary Code Execution

Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsafter_effectsAfter Effects
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40701
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.83% / 87.68%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 15:43
Updated-17 Sep, 2024 | 03:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Elements m4a Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-premiere_elementswindowsmacosPremiere
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40739
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.89% / 74.57%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-23 Apr, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Audition Memory Corruption could lead to Arbitrary code execution

Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsauditionmacosAudition
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-16411
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.59% / 90.78%
||
7 Day CHG~0.00%
Published-09 Dec, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the WebCapture module, related to an internal hash table implementation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readeracrobat_dcacrobatacrobat_reader_dcAdobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40734
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.12% / 83.44%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-23 Apr, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Audition Memory Corruption could lead to Arbitrary code execution

Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsauditionmacosAudition
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-16363
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-17.92% / 94.89%
||
7 Day CHG~0.00%
Published-09 Dec, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the module that handles character codes for certain textual representations. Invalid input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readeracrobat_dcacrobatacrobat_reader_dcAdobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-16394
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-8.67% / 92.09%
||
7 Day CHG~0.00%
Published-09 Dec, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the WebCapture module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readeracrobat_dcacrobatacrobat_reader_dcAdobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 28
  • 29
  • Next
Details not found