Acrobat Reader Security Vulnerabilities and Issues — Page 23 of Acrobat Reader CVE List

CVE-2018-5027

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

8.8CVSS9.2AI score0.25649EPSS

CVE-2018-5037

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5051

8.8CVSS9.3AI score0.09759EPSS

CVE-2018-5059

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-5060

10CVSS9.5AI score0.23877EPSS

CVE-2018-5064

7.5CVSS7.8AI score0.23856EPSS

CVE-2018-5068

CVE•added 2005/05/02 4:0 a.m.•49 views

CVE-2005-0035

The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and earlier, when used with Internet Explorer, allows remote attackers to determine the existence of arbitrary files via the LoadFile ActiveX method.

5.1CVSS6.8AI score0.03801EPSS

CVE•added 2005/06/15 4:0 a.m.•49 views

CVE-2005-1306

The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."

7.5CVSS7.5AI score0.16058EPSS

CVE•added 2006/04/13 6:2 p.m.•49 views

CVE-2006-1627

Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associat...

7.5CVSS6.3AI score0.03701EPSS

CVE•added 2006/06/19 9:2 p.m.•49 views

CVE-2006-3093

Multiple unspecified vulnerabilities in Adobe Acrobat Reader (acroread) before 7.0.8 have unknown impact and unknown vectors.

6.8CVSS6.6AI score0.03007EPSS

CVE•added 2007/01/03 9:28 p.m.•49 views

CVE-2007-0047

CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (...

6.8CVSS6.6AI score0.04423EPSS

CVE•added 2008/06/25 12:36 p.m.•49 views

CVE-2008-2641

Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."

10CVSS7.6AI score0.38738EPSS

CVE•added 2010/04/14 4:0 p.m.•49 views

CVE-2010-0192

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0193 and CVE-2010-0196.

9.3CVSS9.6AI score0.41095EPSS

CVE•added 2010/04/14 4:0 p.m.•49 views

CVE-2010-0193

9.3CVSS9.6AI score0.41095EPSS

CVE•added 2010/04/14 4:0 p.m.•49 views

CVE-2010-0198

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0199, CVE-2010-0202, and CVE-2010-0203.

9.3CVSS7.6AI score0.26977EPSS

CVE•added 2014/09/17 10:55 a.m.•49 views

CVE-2014-0560

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

10CVSS7.5AI score0.15201EPSS

CVE•added 2014/09/17 10:55 a.m.•49 views

CVE-2014-0562

Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."

4.3CVSS5.2AI score0.00649EPSS

CVE•added 2014/12/10 9:59 p.m.•49 views

CVE-2014-8455

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-9165.

10CVSS7.4AI score0.2145EPSS

CVE•added 2014/12/10 9:59 p.m.•49 views

CVE-2014-8458

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE...

10CVSS7.6AI score0.27545EPSS

CVE•added 2015/07/15 2:59 p.m.•49 views

CVE-2015-5096

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unsp...

10CVSS7.9AI score0.04398EPSS

CVE•added 2015/10/14 11:59 p.m.•49 views

CVE-2015-6688

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a ...

6.8CVSS7.1AI score0.05379EPSS

CVE-2018-12761

8.8CVSS9.2AI score0.08743EPSS

CVE-2018-12776

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-12803

CVE•added 2018/07/09 7:29 p.m.•49 views

CVE-2018-4960

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

7.5CVSS7.8AI score0.02199EPSS

CVE•added 2018/07/09 7:29 p.m.•49 views

CVE-2018-4986

7.5CVSS7.8AI score0.02199EPSS

CVE-2018-5014

CVE-2018-5019

7.5CVSS7.8AI score0.08191EPSS

CVE-2018-5024

7.5CVSS7.8AI score0.08191EPSS

CVE-2018-5026

CVE-2018-5031

CVE-2018-5035

CVE-2018-5039

CVE-2018-5046

8.8CVSS9.2AI score0.15601EPSS

CVE-2018-5065

8.8CVSS9.2AI score0.13655EPSS

CVE-2018-5067

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE•added 2021/09/29 4:15 p.m.•49 views

CVE-2021-39842

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interactio...

7.8CVSS7.6AI score0.56988EPSS

CVE•added 2021/09/29 4:15 p.m.•49 views

CVE-2021-39843

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user inte...

7.8CVSS7.7AI score0.31328EPSS

CVE•added 2024/08/14 3:15 p.m.•49 views

CVE-2024-39422

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open...

7.8CVSS7.8AI score0.00081EPSS

CVE•added 2024/08/14 3:15 p.m.•49 views

CVE-2024-39424

7.8CVSS7.8AI score0.00081EPSS

CVE•added 2004/09/01 4:0 a.m.•48 views

CVE-2001-1069

libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior.

7.2CVSS6.3AI score0.0009EPSS

CVE•added 2008/03/06 12:44 a.m.•48 views

CVE-2008-0883

acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.

3.7CVSS6AI score0.00089EPSS

CVE•added 2011/02/10 6:0 p.m.•48 views

CVE-2011-0565

Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0585.

9.3CVSS7.7AI score0.06784EPSS

7.5CVSS7.8AI score0.23856EPSS

CVE-2018-12766

7.5CVSS7.8AI score0.23856EPSS

CVE-2018-12767

CVE-2018-12781