Vulnerability-Lookup

CNVD-2021-73440

Vulnerability from cnvd - Published: 2021-09-26

Title

Adobe Framemaker越界读取漏洞

Description

Adobe FrameMaker是一款文档处理程序，用于编写和编辑包括结构化文档在内的大型或复杂文档。 Adobe Framemaker 2019 Update 8、2020 Release Update 2及更早版本存在越界读取漏洞。攻击者可利用该漏洞读取任意文件系统。

Severity

中

Patch Name

Adobe Framemaker越界读取漏洞的补丁

Patch Description

Adobe FrameMaker是一款文档处理程序，用于编写和编辑包括结构化文档在内的大型或复杂文档。 Adobe Framemaker 2019 Update 8、2020 Release Update 2及更早版本存在越界读取漏洞。攻击者可利用该漏洞读取任意文件系统。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://helpx.adobe.com/security/products/framemaker/apsb21-74.html

Reference

https://helpx.adobe.com/security/products/framemaker/apsb21-74.html

Impacted products

Name
['Adobe Adobe Framemaker <=2019 Update 8', 'Adobe Adobe Framemaker <=2020 Release Update 2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-40697",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-40697"
    }
  },
  "description": "Adobe FrameMaker\u662f\u4e00\u6b3e\u6587\u6863\u5904\u7406\u7a0b\u5e8f\uff0c\u7528\u4e8e\u7f16\u5199\u548c\u7f16\u8f91\u5305\u62ec\u7ed3\u6784\u5316\u6587\u6863\u5728\u5185\u7684\u5927\u578b\u6216\u590d\u6742\u6587\u6863\u3002\n\nAdobe Framemaker 2019 Update 8\u30012020 Release Update 2\u53ca\u66f4\u65e9\u7248\u672c\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u7cfb\u7edf\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://helpx.adobe.com/security/products/framemaker/apsb21-74.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-73440",
  "openTime": "2021-09-26",
  "patchDescription": "Adobe FrameMaker\u662f\u4e00\u6b3e\u6587\u6863\u5904\u7406\u7a0b\u5e8f\uff0c\u7528\u4e8e\u7f16\u5199\u548c\u7f16\u8f91\u5305\u62ec\u7ed3\u6784\u5316\u6587\u6863\u5728\u5185\u7684\u5927\u578b\u6216\u590d\u6742\u6587\u6863\u3002\r\n\r\nAdobe Framemaker 2019 Update 8\u30012020 Release Update 2\u53ca\u66f4\u65e9\u7248\u672c\u5b58\u5728\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Framemaker\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe Adobe Framemaker \u003c=2019 Update 8",
      "Adobe Adobe Framemaker \u003c=2020 Release Update 2"
    ]
  },
  "referenceLink": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html",
  "serverity": "\u4e2d",
  "submitTime": "2021-09-15",
  "title": "Adobe Framemaker\u8d8a\u754c\u8bfb\u53d6\u6f0f\u6d1e"
}

CVE-2021-40697 (GCVE-0-2021-40697)

Vulnerability from cvelistv5 – Published: 2021-09-29 15:41 – Updated: 2025-04-23 19:25

Title

Adobe FrameMaker PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Summary

Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Severity ?

3.3 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE

CWE-125 - Out-of-bounds Read (CWE-125)

Assigner

adobe

References

URL

Tags

https://helpx.adobe.com/security/products/framema…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Adobe	FrameMaker	Affected: unspecified , ≤ 2020.2 (custom) Affected: unspecified , ≤ 2019.8 (custom) Affected: unspecified , ≤ None (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:51:06.511Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-40697",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:10:37.960065Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T19:25:42.639Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FrameMaker",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2020.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2019.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "None",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out-of-bounds Read (CWE-125)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-29T15:41:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe FrameMaker PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "DATE_PUBLIC": "2021-09-14T23:00:00.000Z",
          "ID": "CVE-2021-40697",
          "STATE": "PUBLIC",
          "TITLE": "Adobe FrameMaker PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FrameMaker",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2020.2"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2019.8"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "None"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "None"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "availabilityImpact": "None",
            "baseScore": 3.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bounds Read (CWE-125)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html",
              "refsource": "MISC",
              "url": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2021-40697",
    "datePublished": "2021-09-29T15:41:01.311Z",
    "dateReserved": "2021-09-08T00:00:00.000Z",
    "dateUpdated": "2025-04-23T19:25:42.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-73440

CVE-2021-40697 (GCVE-0-2021-40697)

Tags

Sightings

Nomenclature