Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Acrobat_reader
(Adobe)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 1014 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-02-27 | CVE-2018-4910 | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file with crafted JavaScript code that manipulates the optional content group (OCG). A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack. | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 8.8 | ||
| 2018-02-27 | CVE-2018-4904 | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability. The vulnerability is triggered by crafted TIFF data within an XPS file, which causes an out of bounds memory access. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 8.8 | ||
| 2018-02-27 | CVE-2018-4872 | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled. | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 10.0 | ||
| 2017-12-09 | CVE-2017-16419 | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources. | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 6.5 | ||
| 2017-12-09 | CVE-2017-16384 | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the exif processing module for a PNG file (during XPS conversion). Invalid input leads to a computation where pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain... | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 8.8 | ||
| 2017-12-09 | CVE-2017-16380 | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability for a certain file-type extension. Acrobat maintains both a blacklist and whitelist (the user can specify an allowed attachment). However, any file extensions that are neither on the blacklist nor the whitelist can still be... | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 8.8 | ||
| 2017-12-09 | CVE-2017-16374 | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the JPEG 2000 module. An invalid JPEG 2000 input code stream leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information,... | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 8.8 | ||
| 2017-12-09 | CVE-2017-16366 | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability in the AcroPDF plugin. | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 7.5 | ||
| 2017-12-09 | CVE-2017-16365 | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the True Type2 Font parsing module. A corrupted cmap table input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive... | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 8.8 | ||
| 2017-12-09 | CVE-2017-16363 | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the module that handles character codes for certain textual representations. Invalid input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to... | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 8.8 |