CVE Vulnerabilities

CVE-2018-5030

NULL Pointer Dereference

Published: Jul 20, 2018 | Modified: Aug 21, 2019
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Acrobat_dc Adobe 15.006.30060 (including) 15.006.30418 (including)
Acrobat_dc Adobe 15.008.20082 (including) 18.011.20040 (including)
Acrobat_dc Adobe 17.011.30059 (including) 17.011.30080 (including)
Acrobat_reader_dc Adobe 15.006.30060 (including) 15.006.30418 (including)
Acrobat_reader_dc Adobe 15.008.20082 (including) 18.011.20040 (including)
Acrobat_reader_dc Adobe 17.011.30059 (including) 17.011.30080 (including)

Potential Mitigations

References