Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Acrobat_reader
(Adobe)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 1014 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-08-24 | CVE-2021-28551 | Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Out-of-bounds read vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 7.8 | ||
| 2021-08-24 | CVE-2021-28552 | Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 7.8 | ||
| 2021-08-24 | CVE-2021-28554 | Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 7.8 | ||
| 2021-08-24 | CVE-2021-28632 | Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 7.8 | ||
| 2018-02-27 | CVE-2018-4910 | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file with crafted JavaScript code that manipulates the optional content group (OCG). A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack. | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 8.8 | ||
| 2018-02-27 | CVE-2018-4904 | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability. The vulnerability is triggered by crafted TIFF data within an XPS file, which causes an out of bounds memory access. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 8.8 | ||
| 2018-02-27 | CVE-2018-4872 | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled. | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 10.0 | ||
| 2017-12-09 | CVE-2017-16419 | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources. | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 6.5 | ||
| 2017-12-09 | CVE-2017-16384 | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the exif processing module for a PNG file (during XPS conversion). Invalid input leads to a computation where pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain... | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 8.8 | ||
| 2017-12-09 | CVE-2017-16380 | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability for a certain file-type extension. Acrobat maintains both a blacklist and whitelist (the user can specify an allowed attachment). However, any file extensions that are neither on the blacklist nor the whitelist can still be... | Acrobat, Acrobat_dc, Acrobat_reader, Acrobat_reader_dc | 8.8 |