Bulletin ID
Last updated on
May 16, 2021
|
Also applies to Digital Editions
Security Updates Available for Adobe Bridge CC | APSB19-25
|
|
Date Published |
Priority |
|---|---|---|
|
APSB19-25 |
April 09, 2019 |
2 |
Summary
Adobe has released security updates for Adobe Bridge CC. These updates address critical findings that could result in remote code execution in the context of the current user.
Affected Versions
|
Product |
Version |
Platform |
|---|---|---|
|
Adobe Bridge CC |
9.0.2 |
Windows and macOS |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the latest version:
|
Product |
Version |
Platform |
Priority |
Availability |
|---|---|---|---|---|
|
Adobe Bridge CC |
9.0.3 |
Windows and macOS |
2 |
Vulnerability details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Numbers |
|---|---|---|---|
|
Heap Overflow |
Remote Code Execution |
Critical |
CVE-2019-7130 |
|
Out-of-Bounds Write |
Remote Code Execution |
Critical |
CVE-2019-7132 |
|
Out-of-Bounds Read |
Information Disclosure |
Important |
CVE-2019-7133 CVE-2019-7134 CVE-2019-7135 CVE-2019-7138 |
|
Use After Free |
Information Disclosure |
Important |
CVE-2019-7136 |
|
Memory Corruption |
Information Disclosure |
Important |
CVE-2019-7137 |
Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
Francis Provencher working with Trend Micro Zero Day Initiative (CVE-2019-7130, CVE-2019-7134, CVE-2019-7135, CVE-2019-7136, CVE-2019-7137, CVE-2019-7138)
Mat Powell of Trend Micro Zero Day Initiative (CVE-2019-7132, CVE-2019-7133)