CVE-2020-9725 HIGH

CVE-2020-9725: FrameMaker File Parsing Stack-based Buffer Overflow

Vendor Adobe
Product FrameMaker
Weakness CWE-121
Published September 10, 2020
Last update September 17, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Adobe FrameMaker version 2019.0.6 (and earlier versions) lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. This could be exploited to execute arbitrary code with the privileges of the current user. User interaction is required to exploit this vulnerability in that the target must open a malicious FrameMaker file.

Key dates

02Disclosure timeline

September 10, 2020 CVE published
September 17, 2024 Record updated