Acrobat Dc Adobe Acrobat Dc

Do you want an email whenever new security vulnerabilities are reported in Adobe Acrobat Dc?

By the Year

In 2021 there have been 17 vulnerabilities in Adobe Acrobat Dc with an average score of 6.5 out of ten. Acrobat Dc did not have any published security vulnerabilities last year. That is, 17 more vulnerabilities have already been reported in 2021 as compared to last year.

Year Vulnerabilities Average Score
2021 17 6.45
2020 0 0.00
2019 0 0.00
2018 39 7.47

It may take a day or so for new Acrobat Dc vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Adobe Acrobat Dc Security Vulnerabilities

Acrobat Reader DC versions 2021.005.20054 (and earlier)

CVE-2021-35981 7.8 - High - August 20, 2021

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader DC versions 2021.005.20054 (and earlier)

CVE-2021-28640 7.3 - High - August 20, 2021

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader DC versions 2021.005.20054 (and earlier)

CVE-2021-28643 3.3 - Low - August 20, 2021

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Type Confusion vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Object Type Confusion

Acrobat Reader DC versions 2021.005.20054 (and earlier)

CVE-2021-28642 7.8 - High - August 20, 2021

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Out-of-bounds write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Acrobat Reader DC versions 2021.005.20054 (and earlier)

CVE-2021-28641 7.8 - High - August 20, 2021

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader DC versions 2021.005.20054 (and earlier)

CVE-2021-28639 7.8 - High - August 20, 2021

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader DC versions 2021.005.20054 (and earlier)

CVE-2021-28638 7.8 - High - August 20, 2021

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Heap-based Buffer Overflow

Acrobat Reader DC versions 2021.005.20054 (and earlier)

CVE-2021-28637 7.1 - High - August 20, 2021

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an out-of-bounds read vulnerability. An unauthenticated attacker could leverage this vulnerability achieve arbitrary read / write system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Acrobat Reader DC versions 2021.005.20054 (and earlier)

CVE-2021-28636 7.3 - High - August 20, 2021

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker with access to the victim's C:/ folder could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

DLL preloading

Acrobat Reader DC versions 2021.005.20054 (and earlier)

CVE-2021-28634 8.2 - High - August 20, 2021

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution on the host machine in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Shell injection

Acrobat Reader DC versions 2021.005.20054 (and earlier)

CVE-2021-35988 3.3 - Low - August 20, 2021

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Acrobat Reader DC versions 2021.005.20054 (and earlier)

CVE-2021-35987 3.3 - Low - August 20, 2021

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Acrobat Reader DC versions 2021.005.20054 (and earlier)

CVE-2021-35986 3.3 - Low - August 20, 2021

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Type Confusion vulnerability. An unauthenticated attacker could leverage this vulnerability to read arbitrary system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Object Type Confusion

Acrobat Reader DC versions 2021.005.20054 (and earlier)

CVE-2021-35985 5.5 - Medium - August 20, 2021

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

NULL Pointer Dereference

Acrobat Reader DC versions 2021.005.20054 (and earlier)

CVE-2021-35984 6.5 - Medium - August 20, 2021

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability achieve an application denial-of-service in the context of the current user. Exploitation of this issue does not requires user interaction.

NULL Pointer Dereference

Acrobat Reader DC versions 2021.005.20054 (and earlier)

CVE-2021-35983 7.8 - High - August 20, 2021

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader DC versions 2021.005.20054 (and earlier)

CVE-2021-28635 7.8 - High - August 20, 2021

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4907 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS module. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4908 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TTF font processing in the XPS module. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4909 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module when processing metadata in JPEG images. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4910 8.8 - High - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file with crafted JavaScript code that manipulates the optional content group (OCG). A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack.

Memory Corruption

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4911 8.8 - High - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API related to bookmark functionality. The vulnerability is triggered by crafted JavaScript code embedded within a PDF file. A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack.

Dangling pointer

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4912 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles JPEG 2000 data. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4913 8.8 - High - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the XFA engine, related to DOM manipulation. The vulnerability is triggered by crafted XFA script definitions in a PDF file. Successful exploitation could lead to arbitrary code execution.

Dangling pointer

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4914 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS engine. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4915 8.8 - High - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the JavaScript API related to color conversion. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

Memory Corruption

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4916 8.8 - High - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that handless TIFF data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

Memory Corruption

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4906 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data related to graphic object image attributes. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4892 8.8 - High - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JBIG2 decoder. The vulnerability is triggered by a crafted PDF file that contains a malformed JBIG2 stream. Successful exploitation could lead to arbitrary code execution.

Dangling pointer

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4879 9.8 - Critical - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

Memory Corruption

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4880 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the conversion module that reads U3D data. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4881 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that reads bitmap image file (BMP) data. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4882 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the string literal parser. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4883 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs because of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine that handles Enhanced Metafile Format (EMF). A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4884 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format (EMF) data that embeds an image in the bitmap (BMP) file format. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4885 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of Enhanced Metafile Format processing engine (within the image conversion module). A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4886 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation occurs in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to handling of bitmap rectangles. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4887 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the Unicode mapping module that is invoked when processing Enhanced Metafile Format (EMF) data (during image conversion). A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4888 8.8 - High - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability. The vulnerability is triggered by a crafted PDF file that can cause a memory access violation exception in the XFA engine because of a dangling reference left as a consequence of freeing an object in the computation that manipulates internal nodes in a graph representation of a document object model used in XFA. Successful exploitation could lead to arbitrary code execution.

Dangling pointer

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4889 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS image conversion. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4890 8.8 - High - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the image conversion engine, when handling JPEG data embedded within an XPS file. A successful attack can lead to code corruption, control-flow hijack, or an information leak attack.

Memory Corruption

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4891 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS module that handles TIFF data. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4872 10 - Critical - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled.

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4893 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of XPS font processing. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4894 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS font processing. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4895 9.8 - Critical - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

Memory Corruption

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4896 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4897 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that parses TIFF metadata. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4898 8.8 - High - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the XPS engine that adds vector graphics and images to a fixed page. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

Memory Corruption

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4899 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the initial XPS page processing. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4900 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of JavaScript manipulation of an Annotation object. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4901 8.8 - High - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the document identity representation. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

Memory Corruption

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4902 8.8 - High - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the rendering engine. The vulnerability is triggered by a crafted PDF file containing a video annotation (and corresponding media files) that is activated by the embedded JavaScript. Successful exploitation could lead to arbitrary code execution.

Dangling pointer

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4903 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4904 8.8 - High - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability. The vulnerability is triggered by crafted TIFF data within an XPS file, which causes an out of bounds memory access. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

Memory Corruption

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions

CVE-2018-4905 6.5 - Medium - February 27, 2018

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure.

Out-of-bounds Read

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Adobe Acrobat Reader Dc or by Adobe? Click the Watch button to subscribe.

Adobe
Vendor

subscribe