Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Acrobat
(Adobe)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 1291 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-02-27 | CVE-2018-4910 | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file with crafted JavaScript code that manipulates the optional content group (OCG). A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack. | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 8.8 | ||
| 2018-02-27 | CVE-2018-4904 | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability. The vulnerability is triggered by crafted TIFF data within an XPS file, which causes an out of bounds memory access. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 8.8 | ||
| 2018-02-27 | CVE-2018-4872 | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled. | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 10.0 | ||
| 2017-08-11 | CVE-2017-3122 | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to Bezier curves. Successful exploitation could lead to arbitrary code execution. | Acrobat, Acrobat_dc, Acrobat_reader_dc, Reader | 6.5 | ||
| 2017-04-12 | CVE-2017-3013 | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in a DLL related to remote logging. | Acrobat, Acrobat_dc, Acrobat_reader_dc, Reader | 7.8 | ||
| 2017-04-12 | CVE-2017-3012 | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in the OCR plugin. | Acrobat, Acrobat_dc, Acrobat_reader_dc, Reader | 7.8 | ||
| 2017-12-09 | CVE-2017-16419 | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources. | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 6.5 | ||
| 2017-12-09 | CVE-2017-16384 | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the exif processing module for a PNG file (during XPS conversion). Invalid input leads to a computation where pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain... | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 8.8 | ||
| 2017-12-09 | CVE-2017-16380 | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability for a certain file-type extension. Acrobat maintains both a blacklist and whitelist (the user can specify an allowed attachment). However, any file extensions that are neither on the blacklist nor the whitelist can still be... | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 8.8 | ||
| 2017-12-09 | CVE-2017-16374 | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the JPEG 2000 module. An invalid JPEG 2000 input code stream leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information,... | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 8.8 |