Framemaker
CVE-2021-39833
LOW
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Primary rating from Vendor (adobe) · only source for this CVE.
CVSS VectorVendor: adobe
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file.
AnalysisAI
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file. Affected products include: Adobe Framemaker.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
More in Framemaker
View allAdobe Framemaker versions 2019.0.4 and below have a memory corruption vulnerability. Rated critical severity (CVSS 9.8),
Adobe Framemaker versions 2019.0.5 and below have a memory corruption vulnerability. Rated high severity (CVSS 8.8), thi
Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8),
Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8),
Adobe Framemaker versions 2019.0.4 and below have a memory corruption vulnerability. Rated high severity (CVSS 8.8), thi
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8),
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8),
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8),
Adobe Framemaker versions 2019.0.4 and below have a heap overflow vulnerability. Rated high severity (CVSS 8.8), this vu
Adobe Framemaker versions 2019.0.4 and below have a buffer error vulnerability. Rated high severity (CVSS 8.8), this vul
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8),
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8),
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today