Digital Editions
CVE-2018-12820
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
AnalysisAI
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure. Affected products include: Adobe Digital Editions.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
More in Digital Editions
View allAdobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corr
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable heap overflow vulnerability. Rated critical severi
Adobe Digital Editions 2.x before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. Rated critical seve
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. Rated critical seve
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. Rated critical seve
Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF runtime
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF parsing
Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspe
Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspe
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the character c
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today