Bulletin ID
Last updated on
May 16, 2021
|
Also applies to Digital Editions
Security Updates Available for Adobe Digital Editions | APSB18-13
|
|
Date Published |
Priority |
|---|---|---|
|
APSB18-13 |
April 10, 2018 |
3 |
Summary
Adobe has released a security update for Adobe Digital Editions. This update resolves an out-of-bounds read vulnerability (CVE-2018-4925) rated Important, and a stack overflow vulnerability (CVE-2018-4926) caused by unsafe processing of specially crafted epub files.
Affected product versions
|
Product |
Version |
Platform |
|---|---|---|
|
Adobe Digital Editions |
4.5.7 and below |
Windows, Macintosh, iOS and Android |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
| Product | Version | Platform | Priority | Availability |
|---|---|---|---|---|
| Adobe Digital Editions | 4.5.8 | Windows | 3 | Download Page |
| Macintosh | 3 | Download Page | ||
| iOS | 3 | iTunes | ||
| Android | 3 | Playstore |
Note:
- Customers using Adobe Digital Editions 4.5.7 can download the update from the Adobe Digital Editions download page, or utilize the product’s update mechanism when prompted.
- For more information, please reference the release notes.
Vulnerability details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Numbers |
|---|---|---|---|
|
Out-of-bounds read |
Information Disclosure |
Important |
CVE-2018-4925 |
|
Stack Overflow |
Information Disclosure |
Important |
CVE-2018-4926 |
Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Steven (mr_me) Seeley of Source Incite (CVE-2018-4925)
- Phil Blankenship of Cerberus Security (CVE-2018-4926)
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online