CVE-2018-4916

Name of the Vulnerable Software and Affected Versions Adobe Acrobat Reader versions 2018.009.20050 and earlier Adobe Acrobat Reader versions 2017.011.30070 and earlier Adobe Acrobat Reader versions 2015.006.30394 and earlier

Description The issue is caused by a computation that writes data past the end of the intended buffer, which is part of the image conversion module handling TIFF data. This can potentially allow an attacker to corrupt sensitive data or execute arbitrary code. The vulnerability is related to a heap-based buffer overflow during TIFF parsing, which can be leveraged for remote code execution.

Recommendations For Adobe Acrobat Reader versions 2018.009.20050 and earlier, update to a version later than 2018.009.20050 to resolve the issue. For Adobe Acrobat Reader versions 2017.011.30070 and earlier, update to a version later than 2017.011.30070 to resolve the issue. For Adobe Acrobat Reader versions 2015.006.30394 and earlier, update to a version later than 2015.006.30394 to resolve the issue. As a temporary workaround, consider disabling the image conversion module that handles TIFF data until a patch is available.