CVE-2010-2883

CVE Database · CVE-2010-2883

CVE-2010-2883

· HIGHAnalyzed

CVSS v3.1

7.3

EPSS

82.48%

Published

Sep 9, 2010

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2022-06-08 · Due: 2022-06-22

Apply updates per vendor instructions.

Public PoC / Exploit (4)

All weaponized →

Exploit-DBAdobe CoolType - SING Table 'uniqueName' Local Stack Buffer Overflow (Metasploit) (2)Exploit-DBAdobe CoolType - SING Table 'uniqueName' Remote Stack Buffer Overflow (Metasploit) (1)TrickestTrickest PoC index GitHub PoCavielzecharia/CVE-2010-2883★1

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787CWE-787

Affected Products (8)

adobe · acrobat (up to 8.2.5)vulnerable

adobe · acrobat (up to 9.4)vulnerable

apple · macos

microsoft · windows

adobe · acrobat_reader (up to 8.2.5)vulnerable

adobe · acrobat_reader (up to 9.4)vulnerable

apple · macos