Acrobat Reader Security Vulnerabilities and Issues — Acrobat Reader CVE List

Lucene search

AdobeAcrobat Reader

1251 matches found

CVE•added 2021/09/02 5:15 p.m.•1145 views

CVE-2021-28550

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the cur...

9.6CVSS8.3AI score0.21352EPSS

CVE•added 2013/02/14 1:55 a.m.•1072 views

CVE-2013-0640

Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013.

9.3CVSS7.7AI score0.92564EPSS

CVE•added 2013/08/30 8:55 p.m.•1062 views

CVE-2013-3346

Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2...

10CVSS7.8AI score0.89499EPSS

CVE•added 2021/02/11 8:15 p.m.•1058 views

CVE-2021-21017

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the contex...

8.8CVSS8.8AI score0.90595EPSS

CVE•added 2011/03/15 5:55 p.m.•1049 views

CVE-2011-0609

Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windo...

9.3CVSS8.9AI score0.92398EPSS

CVE•added 2008/11/04 6:29 p.m.•1042 views

CVE-2008-2992

Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.

9.3CVSS7.8AI score0.93377EPSS

CVE•added 2010/02/22 1:0 p.m.•1014 views

CVE-2010-0188

Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

9.3CVSS7.7AI score0.92839EPSS

CVE•added 2008/02/12 7:0 p.m.•993 views

CVE-2007-5659

Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.

9.3CVSS7.4AI score0.93247EPSS

CVE•added 2009/07/23 8:30 p.m.•978 views

CVE-2009-1862

Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or...

9.3CVSS7.8AI score0.57995EPSS

CVE•added 2009/03/19 10:30 a.m.•977 views

CVE-2009-0927

Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.

9.3CVSS8AI score0.93673EPSS

CVE•added 2011/04/13 2:55 p.m.•976 views

CVE-2011-0611

Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x be...

9.3CVSS8.8AI score0.93736EPSS

CVE•added 2013/05/16 11:45 a.m.•972 views

CVE-2013-2729

Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727.

10CVSS7.6AI score0.90244EPSS

CVE•added 2008/02/07 9:0 p.m.•968 views

CVE-2008-0655

Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.

9.8CVSS6.4AI score0.71023EPSS

CVE•added 2009/12/15 2:30 a.m.•958 views

CVE-2009-4324

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild i...

9.3CVSS7.2AI score0.93381EPSS

CVE•added 2013/02/14 1:55 a.m.•953 views

CVE-2013-0641

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.

9.3CVSS7.8AI score0.89391EPSS

CVE•added 2010/09/09 10:0 p.m.•948 views

CVE-2010-2883

Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphl...

9.3CVSS8.2AI score0.93247EPSS

CVE•added 2011/12/07 7:55 p.m.•947 views

CVE-2011-2462

Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in ...

10CVSS9.6AI score0.9255EPSS

CVE•added 2018/07/09 7:29 p.m.•869 views

CVE-2018-4990

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

8.8CVSS8.4AI score0.60065EPSS

CVE•added 2014/08/12 9:55 p.m.•849 views

CVE-2014-0546

Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors.

10CVSS6.8AI score0.16664EPSS

CVE•added 2023/09/13 9:15 a.m.•531 views

CVE-2023-26369

Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i...

7.8CVSS7.9AI score0.00403EPSS

CVE•added 2023/01/18 7:15 p.m.•429 views

CVE-2023-21608

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i...

7.8CVSS7.7AI score0.8896EPSS

CVE•added 2021/06/28 2:15 p.m.•304 views

CVE-2021-28562

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability when executing search queries through Javascript. An unauthenticated attacker could leverage this vulnerability to achieve a...

8.8CVSS8.7AI score0.28243EPSS

CVE•added 2009/10/19 10:30 p.m.•247 views

CVE-2009-2994

Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.

9.3CVSS7.5AI score0.42796EPSS

CVE•added 2023/01/18 7:15 p.m.•247 views

CVE-2023-21579

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires u...

7.8CVSS7.7AI score0.0161EPSS

CVE•added 2022/05/11 6:15 p.m.•203 views

CVE-2022-28269

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of Annotation objects that could result in a memory leak in the context of the current user. Exploitation of this issue r...

4.3CVSS5AI score0.01668EPSS

CVE•added 2022/05/11 6:15 p.m.•199 views

CVE-2022-28838

Acrobat Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction ...

9.3CVSS7.7AI score0.04169EPSS

CVE•added 2022/05/11 6:15 p.m.•195 views

CVE-2022-28266

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage thi...

5.5CVSS5.2AI score0.00926EPSS

CVE•added 2022/07/15 4:15 p.m.•176 views

CVE-2022-34221

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploi...

7.8CVSS7.6AI score0.02966EPSS

CVE•added 2022/05/11 6:15 p.m.•174 views

CVE-2022-27793

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interactio...

9.3CVSS7.7AI score0.01963EPSS

CVE•added 2022/05/11 6:15 p.m.•173 views

CVE-2022-24103

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in t...

9.3CVSS7.6AI score0.09034EPSS

CVE•added 2012/08/15 10:31 a.m.•172 views

CVE-2012-4159

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE...

10CVSS7.6AI score0.19383EPSS

CVE•added 2022/05/11 6:15 p.m.•172 views

CVE-2022-24104

9.3CVSS7.6AI score0.3695EPSS

CVE•added 2022/07/15 4:15 p.m.•172 views

CVE-2022-34230

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i...

7.8CVSS7.7AI score0.0934EPSS

CVE•added 2022/05/11 6:15 p.m.•170 views

CVE-2022-27788

9.3CVSS7.7AI score0.02214EPSS

CVE•added 2024/12/10 8:15 p.m.•168 views

CVE-2024-49530

Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi...

7.8CVSS7.4AI score0.0004EPSS

CVE•added 2023/11/16 10:15 a.m.•167 views

CVE-2023-44336

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a ...

7.8CVSS7.8AI score0.0081EPSS

CVE•added 2013/05/16 11:45 a.m.•165 views

CVE-2013-2727

10CVSS7.6AI score0.90244EPSS

CVE•added 2022/05/11 6:15 p.m.•164 views

CVE-2022-28837

Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitati...

5.5CVSS5.6AI score0.00343EPSS

CVE•added 2013/09/12 1:28 p.m.•163 views

CVE-2013-3353

Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3356.

10CVSS7.7AI score0.4398EPSS

CVE•added 2024/12/10 8:15 p.m.•163 views

CVE-2024-49531

Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to ...

5.5CVSS6.4AI score0.00029EPSS

CVE•added 2011/02/10 6:0 p.m.•155 views

CVE-2011-0596

The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image with crafted (1) height and (2) width values for an RLE_8 compressed bitmap, which trig...

9.3CVSS7.6AI score0.12676EPSS

CVE•added 2012/08/15 10:31 a.m.•155 views

CVE-2012-4148

10CVSS7.6AI score0.19383EPSS

CVE•added 2024/12/10 8:15 p.m.•154 views

CVE-2024-49535

Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that allows an attacker to provide malicious XML input containing a reference to an external entity...

6.3CVSS5.9AI score0.00025EPSS

CVE•added 2013/05/16 11:45 a.m.•151 views

CVE-2013-2735

10CVSS7.7AI score0.18885EPSS

CVE•added 2011/02/10 6:0 p.m.•150 views

CVE-2011-0590

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.

9.3CVSS7.4AI score0.12036EPSS

CVE•added 2013/05/16 11:45 a.m.•150 views

CVE-2013-2718

Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2...

10CVSS7.7AI score0.18885EPSS

CVE•added 2013/05/16 11:45 a.m.•150 views

CVE-2013-2719

10CVSS7.7AI score0.18885EPSS

CVE•added 2013/05/16 11:45 a.m.•150 views

CVE-2013-2731

10CVSS7.7AI score0.18885EPSS

CVE•added 2012/08/15 10:31 a.m.•149 views

CVE-2012-4150

10CVSS7.6AI score0.19383EPSS

CVE•added 2013/05/16 11:45 a.m.•149 views

CVE-2013-2732