Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-37379

Summary
Assigner-zdi
Assigner Org ID-99f1926a-a320-47d8-bbb5-42feb611262e
Published At-29 Mar, 2023 | 00:00
Updated At-14 Feb, 2025 | 20:27
Rejected At-
Credits

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AFSpecial_KeystrokeEx method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17168.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:zdi
Assigner Org ID:99f1926a-a320-47d8-bbb5-42feb611262e
Published At:29 Mar, 2023 | 00:00
Updated At:14 Feb, 2025 | 20:27
Rejected At:
▼CVE Numbering Authority (CNA)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AFSpecial_KeystrokeEx method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17168.

Affected Products
Vendor
Foxit Software IncorporatedFoxit
Product
PDF Reader
Versions
Affected
  • 11.2.1.53537
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416: Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416: Use After Free
Metrics
VersionBase scoreBase severityVector
3.03.3LOW
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Version: 3.0
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Suyue Guo and Wei You from Renmin University of China
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.foxit.com/support/security-bulletins.html
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-1051/
N/A
Hyperlink: https://www.foxit.com/support/security-bulletins.html
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-1051/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.foxit.com/support/security-bulletins.html
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-1051/
x_transferred
Hyperlink: https://www.foxit.com/support/security-bulletins.html
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-1051/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:zdi-disclosures@trendmicro.com
Published At:29 Mar, 2023 | 19:15
Updated At:06 Apr, 2023 | 15:09

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AFSpecial_KeystrokeEx method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17168.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Secondary3.03.3LOW
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CPE Matches
Foxit Software Incorporated
foxit
>>pdf_editor>>Versions before 10.1.9(exclusive)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*
Foxit Software Incorporated
foxit
>>pdf_editor>>Versions from 11.0.0(inclusive) to 11.2.3(exclusive)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*
Foxit Software Incorporated
foxit
>>pdf_editor>>12.0.0.12394
cpe:2.3:a:foxit:pdf_editor:12.0.0.12394:*:*:*:*:*:*:*
Foxit Software Incorporated
foxit
>>pdf_reader>>Versions before 12.0.1(exclusive)
cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Primaryzdi-disclosures@trendmicro.com
CWE ID: CWE-416
Type: Primary
Source: zdi-disclosures@trendmicro.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.foxit.com/support/security-bulletins.htmlzdi-disclosures@trendmicro.com
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-1051/zdi-disclosures@trendmicro.com
Third Party Advisory
VDB Entry
Hyperlink: https://www.foxit.com/support/security-bulletins.html
Source: zdi-disclosures@trendmicro.com
Resource:
Vendor Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-1051/
Source: zdi-disclosures@trendmicro.com
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

2060Records found
CVE-2021-31471
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-4.68% / 88.92%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 20:16
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12955.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-windows3dReader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-31448
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-3.77% / 87.60%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 20:16
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13273.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerReader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-0968
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-29.58% / 96.46%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7Windows Server 2008 R2 Systems Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows 7
CVE-2021-28619
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.31% / 53.64%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:15
Updated-23 Apr, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate out-of-bounds read vulnerability could lead to sensitive information disclosure

Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsanimateAnimate
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-28456
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.17% / 88.25%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Information Disclosure Vulnerability

Microsoft Excel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_serverofficeexceloffice_web_apps_server365_appsMicrosoft Excel 2016Microsoft 365 Apps for EnterpriseMicrosoft Excel 2013 Service Pack 1Microsoft Office Online ServerMicrosoft Excel 2010 Service Pack 2Microsoft Office Web Apps Server 2013 Service Pack 1Microsoft Office 2019Microsoft Office 2019 for Mac
CVE-2021-27265
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-3.77% / 87.60%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 14:35
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12292.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerPhantomPDF
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23769
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.32%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 00:00
Updated-15 May, 2025 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data.

Action-Not Available
Vendor-n/aMicrosoft CorporationSamsung
Product-magicianwindowsn/a
CVE-2021-27266
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-3.77% / 87.60%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 14:35
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12293.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerPhantomPDF
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-27263
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-7.13% / 91.19%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 14:35
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12290.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerPhantomPDF
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-3354
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-3.3||LOW
EPSS-5.73% / 90.10%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "GDI Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CVE-2024-20735
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.95%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 12:18
Updated-13 Feb, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TALOS-2023-1905 - Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Readeracrobat_dcacrobat_readeracrobat_reader_dcacrobat
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20737
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.77%
||
7 Day CHG+0.01%
Published-10 Apr, 2024 | 08:56
Updated-05 Dec, 2024 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effect 2024 RGB File parsing Memory Corruption Vulnerability

After Effects versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosafter_effectsAfter Effectsafter_effects
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20762
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.94%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 17:34
Updated-04 Dec, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate MP3 File parsing unitialized heap memory corruption

Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsanimatemacosAnimateanimate
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20715
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.24%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 12:25
Updated-17 Jun, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Substance 3D Stager v2.1.1 Vulnerability VIII

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsmacossubstance_3d_stagerSubstance3D - Stager
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20771
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.79%
||
7 Day CHG~0.00%
Published-11 Apr, 2024 | 08:10
Updated-05 Dec, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bridge 2024 MOV File parsing memory corruption

Bridge versions 13.0.6, 14.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsbridgemacosBridgebridge
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20763
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.94%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 17:34
Updated-10 Apr, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate 2024 GIF file parsing memory corruption

Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft CorporationApple Inc.
Product-windowsanimatemacosAnimate
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20798
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.15%
||
7 Day CHG~0.00%
Published-11 Apr, 2024 | 08:19
Updated-05 Dec, 2024 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator 2024 CDR File parsing Out of Bound Read Information disclosure vulnerability

Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosillustratorIllustratorillustrator
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20749
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.95%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 12:18
Updated-13 Feb, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TALOS-2023-1910 - Adobe Acrobat Reader Font CharStrings CharStringsOffset out-of-bounds read vulnerability

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20793
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.50%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 08:08
Updated-05 Dec, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator 2024 TIF file parsing Out Of Bound Read Information disclosure vulnerability

Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosillustratorIllustratorillustrator
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20757
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.40%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 15:54
Updated-04 Dec, 2024 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bridge 2024 TIF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability

Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsbridgemacosBridgebridge
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20766
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.44%
||
7 Day CHG+0.01%
Published-10 Apr, 2024 | 12:48
Updated-05 Dec, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Indesign 2024 TIF File Parsing Out-Of-Bound Read Information Disclosure Vulnerabiity

InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsindesignmacosInDesign Desktopindesign
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20764
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.94%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 17:34
Updated-04 Dec, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate 2024 SWF File parsing memory corruption

Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsanimatemacosAnimate
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54227
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.65%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 20:54
Updated-13 Aug, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Out-of-bounds Read (CWE-125)

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macoswindowsindesignInDesign Desktop
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20796
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.15%
||
7 Day CHG~0.00%
Published-11 Apr, 2024 | 10:53
Updated-04 Dec, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animation SWF File Parsing Memory Corruption

Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsanimatemacosAnimateanimate
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20712
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.02%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 12:25
Updated-17 Jun, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Substance 3D Stager v2.1.1 Vulnerability III

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsmacossubstance_3d_stagerSubstance3D - Stager
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20710
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.01%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 12:25
Updated-17 Jun, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Substance 3D Stager v2.1.1 Vulnerability I

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsmacossubstance_3d_stagerSubstance3D - Stager
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20711
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.26%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 12:26
Updated-17 Jun, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Substance 3D Stager v2.1.1 Vulnerability VII

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsmacossubstance_3d_stagerSubstance3D - Stager
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20747
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 16.97%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 12:18
Updated-13 Feb, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TALOS-2023-1908 - Adobe Acrobat Reader Font CharStrings INDEX out-of-bounds read vulnerability

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Readeracrobat_dcacrobat_readeracrobat_reader_dcacrobat
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20736
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.95%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 12:18
Updated-01 Aug, 2024 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-22822: Adobe Acrobat Pro DC AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Readeracrobat_reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20714
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.24%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 12:25
Updated-17 Jun, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Substance 3D Stager v2.1.1 Vulnerability V

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsmacossubstance_3d_stagerSubstance3D - Stager
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20748
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.95%
||
7 Day CHG~0.00%
Published-15 Feb, 2024 | 12:18
Updated-13 Feb, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TALOS-2023-1909 - Adobe Acrobat Reader Font avar SegmentMaps out-of-bounds read vulnerability

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Readeracrobat_dcacrobat_readeracrobat_reader_dcacrobat
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20770
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.77%
||
7 Day CHG+0.01%
Published-10 Apr, 2024 | 12:44
Updated-05 Dec, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Photoshop 2024 TIF File parsing Out-Of-Bound Read

Photoshop Desktop versions 24.7.2, 25.3.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsphotoshopmacosPhotoshop Desktopphotoshop
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54228
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.65%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 20:54
Updated-13 Aug, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Out-of-bounds Read (CWE-125)

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macoswindowsindesignInDesign Desktop
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-21091
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-0.62% / 69.20%
||
7 Day CHG~0.00%
Published-15 Apr, 2021 | 13:53
Updated-23 Apr, 2025 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge HEIC File Parsing Out-Of-Bounds Read vulnerability could lead to information disclosure

Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsbridgeBridge
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54214
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.65%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 20:55
Updated-13 Aug, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Out-of-bounds Read (CWE-125)

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-macoswindowsindesignInDesign Desktop
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54238
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.65%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 22:33
Updated-14 Aug, 2025 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dimension | Out-of-bounds Read (CWE-125)

Dimension versions 4.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-dimensionmacoswindowsDimension
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20713
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.02%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 12:25
Updated-17 Jun, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Substance 3D Stager v2.1.1 Vulnerability IV

Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsmacossubstance_3d_stagerSubstance3D - Stager
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-0137
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-3.3||LOW
EPSS-6.54% / 90.75%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officen/a
CVE-2025-48812
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.31%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-23 Aug, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channeloffice_online_server365_appsofficeexcelMicrosoft Excel 2016Office Online ServerMicrosoft Office LTSC 2024Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC for Mac 2021Microsoft Office 2019Microsoft Office LTSC 2021Microsoft Office LTSC for Mac 2024
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-49525
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.45%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 22:01
Updated-10 Jul, 2025 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Out-of-bounds Read (CWE-125)

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-illustratormacoswindowsIllustrator
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-8852
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-20.38% / 95.32%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 22:20
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9416.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9622
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-1.91% / 82.57%
||
7 Day CHG~0.00%
Published-26 Jun, 2020 | 20:02
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsdigital_negative_software_development_kitAdobe DNG Software Development Kit (SDK)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9618
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-2.61% / 85.07%
||
7 Day CHG~0.00%
Published-25 Jun, 2020 | 21:21
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Audition versions 13.0.5 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsauditionAdobe Audition
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-8877
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-20.38% / 95.32%
||
7 Day CHG~0.00%
Published-20 Mar, 2020 | 18:40
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9624.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-windowsfoxit_studio_photoStudio Photo
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9617
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-3.27% / 86.67%
||
7 Day CHG~0.00%
Published-26 Jun, 2020 | 19:58
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowspremiere_rushAdobe Premiere Rush
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9629
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-1.91% / 82.57%
||
7 Day CHG~0.00%
Published-26 Jun, 2020 | 20:01
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsdigital_negative_software_development_kitAdobe DNG Software Development Kit (SDK)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9593
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-1.91% / 82.57%
||
7 Day CHG~0.00%
Published-25 Jun, 2020 | 21:22
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-9608
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-1.91% / 82.57%
||
7 Day CHG~0.00%
Published-25 Jun, 2020 | 21:22
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9609
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-1.91% / 82.57%
||
7 Day CHG~0.00%
Published-25 Jun, 2020 | 21:22
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9595
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-1.91% / 82.57%
||
7 Day CHG~0.00%
Published-25 Jun, 2020 | 21:23
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 41
  • 42
  • Next
Details not found