1698438 – (CVE-2019-7125) CVE-2019-7125 Adobe Reader: Out-of-bounds memory access due to incorrect integer size promotion leads to arbitrary code execution

Bug 1698438 (CVE-2019-7125) - CVE-2019-7125 Adobe Reader: Out-of-bounds memory access due to incorrect integer size promotion leads to arbitrary code execution

Summary: CVE-2019-7125 Adobe Reader: Out-of-bounds memory access due to incorrect inte...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2019-7125
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-04-10 11:26 UTC by Marian Rehak
Modified:	2019-09-29 15:11 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2019-04-11 09:46:48 UTC
Embargoed:

Attachments	(Terms of Use)

Description Marian Rehak 2019-04-10 11:26:32 UTC

A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2019.8.20071. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file or access a malicious web page.

External Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7125
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0774

Comment 2 Marian Rehak 2019-04-17 06:53:25 UTC

Closed NOTABUG.

Note You need to log in before you can comment on or make changes to this bug.