
====================================================================

                             CERT-Renater

                 Information Note No. 2018/VULN141
_____________________________________________________________________

DATE                : 11/04/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe Digital Editions versions
                                   prior to 4.5.8.

=====================================================================
https://helpx.adobe.com/security/products/Digital-Editions/apsb18-13.html
_____________________________________________________________________

Adobe Security Bulletin

Applies to: Digital Editions

Last Published: April 11, 2018

Security Updates Available for Adobe Digital Editions | APSB18-13
+-------------------------+--------------------------------+------------------+
|Bulletin ID              |Date Published                  |Priority          |
+-------------------------+--------------------------------+------------------+
|APSB18-13                |April 10, 2018                  |3                 |
+-------------------------+--------------------------------+------------------+


Summary

Adobe has released a security update for Adobe Digital Editions. This
update resolves an out-of-bounds read vulnerability (CVE-2018-4925)
rated Important, and a stack overflow vulnerability (CVE-2018-4926)
caused by unsafe processing of specially crafted epub files.


Affected product versions

+------------------------------+--------------+-------------------------------+
|           Product            |   Version    |           Platform            |
+------------------------------+--------------+-------------------------------+
|Adobe Digital Editions        |4.5.7 and     |Windows, Macintosh, iOS and    |
|                              |below         |Android                        |
+------------------------------+--------------+-------------------------------+


Solution

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version:

+------------------------+--------+----------+---------+----------------------+
|Product                 |Version |Platform  |Priority |Availability          |
+------------------------+--------+----------+---------+----------------------+
|                        |        |Windows   |3        |Download Page         |
|                        |        +----------+---------+----------------------+
|                        |        |Macintosh |3        |Download Page         |
|Adobe Digital Editions  |4.5.8   +----------+---------+----------------------+
|                        |        |iOS       |3        |iTunes                |
|                        |        +----------+---------+----------------------+
|                        |        |Android   |3        |Playstore             |
+------------------------+--------+----------+---------+----------------------+

Note:

  o Customers using Adobe Digital Editions 4.5.7 can download the update
    from the Adobe Digital Editions download page, or utilize the
    product's update mechanism when prompted.
  o For more information, please reference the release notes.


Vulnerability details

+-----------------------+-----------------------+----------+--------------+
|Vulnerability Category |Vulnerability Impact   |Severity  |CVE Numbers   |
+-----------------------+-----------------------+----------+--------------+
|Out-of-bounds read     |Information Disclosure |Important |CVE-2018-4925 |
+-----------------------+-----------------------+----------+--------------+
|Stack Overflow         |Information Disclosure |Important |CVE-2018-4926 |
+-----------------------+-----------------------+----------+--------------+

Acknowledgments

Adobe would like to thank the following individuals and organizations
for reporting the relevant issues and for working with Adobe to help
protect our customers:

  o Steven (mr_me) Seeley of Source Incite (CVE-2018-4925)
  o Phil Blankenship of Cerberus Security (CVE-2018-4926)


==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================


