High severity7.3CISA KEVNVD Advisory· Published Sep 9, 2010· Updated Apr 21, 2026
CVE-2010-2883
CVE-2010-2883
Description
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
20- secunia.com/advisories/41340nvdBroken LinkVendor Advisory
- secunia.com/advisories/43025nvdBroken LinkVendor Advisory
- security.gentoo.org/glsa/glsa-201101-08.xmlnvdThird Party Advisory
- www.adobe.com/support/security/advisories/apsa10-02.htmlnvdVendor Advisory
- www.adobe.com/support/security/bulletins/apsb10-21.htmlnvdVendor Advisory
- www.kb.cert.org/vuls/id/491991nvdThird Party AdvisoryUS Government Resource
- www.securityfocus.com/bid/43057nvdBroken LinkThird Party AdvisoryVDB Entry
- www.us-cert.gov/cas/techalerts/TA10-279A.htmlnvdThird Party AdvisoryUS Government Resource
- www.vupen.com/english/advisories/2010/2331nvdBroken LinkVendor Advisory
- www.vupen.com/english/advisories/2011/0191nvdBroken LinkVendor Advisory
- www.vupen.com/english/advisories/2011/0344nvdBroken LinkVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/61635nvdThird Party AdvisoryVDB Entry
- blog.metasploit.com/2010/09/return-of-unpublished-adobe.htmlnvdBroken Link
- community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspxnvdBroken Link
- lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.htmlnvdBroken Link
- lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.htmlnvdBroken Link
- www.redhat.com/support/errata/RHSA-2010-0743.htmlnvdBroken Link
- www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txtnvdBroken Link
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586nvdBroken Link
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
0No linked articles in our index yet.