Missing Release of Resource after Effective Lifetime

CVE-2015-6704

Medium

4.3/10

Summary

The animations property implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via a function call, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, and CVE-2015-6703.

Access Complexity: MEDIUM
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: PARTIAL
Availability Impact: NONE

CWE-772 - Missing Release Of Resource After Effective Lifetime

'Missing release of resource after effective lifetime' is a weakness that occurs when software doesn't sufficiently release a resource (e.g. memory, CPU, disk space, etc.) after it is used. If not addressed, attackers can launch a denial of service attack (by allocating a resource and not releasing it).

References

Advisory Timeline

Published Oct 14, 2015

Missing Release of Resource after Effective Lifetime

CVE-2015-6704

Summary

CWE-772 - Missing Release Of Resource After Effective Lifetime

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS