cnvd - cnvd-2022-11147

cnvd-2022-11147

Vulnerability from cnvd

Title

Adobe Acrobat Reader Dc输入验证错误漏洞

Description

Adobe Acrobat Reader Dc是美国Adobe公司的一个Pdf阅读工具。用于可靠查看、打印和注释Pdf文档。 Adobe Acrobat Reader Dc存在输入验证错误漏洞，该漏洞源于对用户提供的输入的验证不充分。远程攻击者可利用漏洞诱骗受害者打开特制的PDF文件并获得对敏感信息的访问权限或使应用程序崩溃。

Severity

中

Patch Name

Adobe Acrobat Reader Dc输入验证错误漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://helpx.adobe.com/security/products/acrobat/apsb22-01.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-44712

Impacted products

Name
['Adobe Acrobat Reader DC <=21.007.20099', 'Adobe Acrobat Reader DC <=20.004.30017', 'Adobe Acrobat Reader DC <=17.011.30204']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-44712",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-44712"
    }
  },
  "description": "Adobe Acrobat Reader Dc\u662f\u7f8e\u56fdAdobe\u516c\u53f8\u7684\u4e00\u4e2aPdf\u9605\u8bfb\u5de5\u5177\u3002\u7528\u4e8e\u53ef\u9760\u67e5\u770b\u3001\u6253\u5370\u548c\u6ce8\u91caPdf\u6587\u6863\u3002 \n\nAdobe Acrobat Reader Dc\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u7684\u9a8c\u8bc1\u4e0d\u5145\u5206\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u8bf1\u9a97\u53d7\u5bb3\u8005\u6253\u5f00\u7279\u5236\u7684PDF\u6587\u4ef6\u5e76\u83b7\u5f97\u5bf9\u654f\u611f\u4fe1\u606f\u7684\u8bbf\u95ee\u6743\u9650\u6216\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://helpx.adobe.com/security/products/acrobat/apsb22-01.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-11147",
  "openTime": "2022-02-17",
  "patchDescription": "Adobe Acrobat Reader Dc\u662f\u7f8e\u56fdAdobe\u516c\u53f8\u7684\u4e00\u4e2aPdf\u9605\u8bfb\u5de5\u5177\u3002\u7528\u4e8e\u53ef\u9760\u67e5\u770b\u3001\u6253\u5370\u548c\u6ce8\u91caPdf\u6587\u6863\u3002 \r\n\r\nAdobe Acrobat Reader Dc\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u7684\u9a8c\u8bc1\u4e0d\u5145\u5206\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u8bf1\u9a97\u53d7\u5bb3\u8005\u6253\u5f00\u7279\u5236\u7684PDF\u6587\u4ef6\u5e76\u83b7\u5f97\u5bf9\u654f\u611f\u4fe1\u606f\u7684\u8bbf\u95ee\u6743\u9650\u6216\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Acrobat Reader Dc\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe Acrobat Reader DC \u003c=21.007.20099",
      "Adobe Acrobat Reader DC \u003c=20.004.30017",
      "Adobe Acrobat Reader DC \u003c=17.011.30204"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-44712",
  "serverity": "\u4e2d",
  "submitTime": "2022-01-25",
  "title": "Adobe Acrobat Reader Dc\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2021-44712 (GCVE-0-2021-44712)

Vulnerability from cvelistv5

Published

2022-01-14 19:05

Modified

2024-09-16 18:08

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-788 - Access of Memory Location After End of Buffer ()

Summary

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

References

URL

Tags

https://helpx.adobe.com/security/products/acrobat/apsb22-01.html

x_refsource_MISC