CVE-2018-4990

CVSS 8.8 HIGHEPSS 40.5%● KEVCWE-415

In short

Adobe Acrobat and Reader have a flaw where memory is freed twice, allowing attackers to run malicious code with user permissions. This puts your computer at risk if you open a specially crafted PDF file.

Technical detail

Double Free vulnerability in Adobe Acrobat/Reader allows an attacker to craft a malicious PDF that triggers improper memory deallocation, leading to heap corruption and arbitrary code execution in the user's security context. Exploitation requires user interaction to open the malicious document.

Summary generated and translated by AI from the official description.

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

n/a · Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://helpx.adobe.com/security/products/acrobat/apsb18-09.html https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-4990 http://www.securityfocus.com/bid/104167 http://www.securitytracker.com/id/1040920