Bug 1698438 (CVE-2019-7125)

Summary: CVE-2019-7125 Adobe Reader: Out-of-bounds memory access due to incorrect integer size promotion leads to arbitrary code execution
Product: [Other] Security Response
Reporter: Marian Rehak <mrehak>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: stransky
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Last Closed: 2019-04-11 09:46:48 UTC

Description Marian Rehak 2019-04-10 11:26:32 UTC
Specific JavaScript code embedded in a PDF file can lead to heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2019.8.20071. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file or access a malicious web page.

External Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7125
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0774

Comment 2 Marian Rehak 2019-04-17 06:53:25 UTC
Closed NOTABUG.