Skip to main content

Digital Editions CVE-2019-7095

CRITICAL
Out-of-bounds Write (CWE-787)
2019-05-24 psirt@adobe.com
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 24, 2019 - 19:29 nvd
CRITICAL 9.8

DescriptionNVD

Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

AnalysisAI

Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. Affected products include: Adobe Digital Editions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2016-0954 CRITICAL POC
9.8 Mar 09

Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corr

CVE-2017-2973 CRITICAL
9.8 Feb 15

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable heap overflow vulnerability. Rated critical severi

CVE-2013-1377 CRITICAL
10.0 Jul 31

Adobe Digital Editions 2.x before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory

CVE-2017-3097 CRITICAL
9.8 Jun 20

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. Rated critical seve

CVE-2017-3092 CRITICAL
9.8 Jun 20

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. Rated critical seve

CVE-2017-3090 CRITICAL
9.8 Jun 20

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. Rated critical seve

CVE-2014-0494 CRITICAL
10.0 Jan 23

Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption

CVE-2017-3088 CRITICAL
10.0 Jun 20

Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF runtime

CVE-2017-3095 CRITICAL
9.8 Jun 20

Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF parsing

CVE-2016-6980 CRITICAL
9.8 Sep 26

Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspe

CVE-2016-4263 CRITICAL
9.8 Sep 16

Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspe

CVE-2017-3096 CRITICAL
9.8 Jun 20

Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the character c

Share

CVE-2019-7095 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy