Acrobat Reader@* Security Vulnerabilities and Issues — Page 14 of Acrobat Reader@* CVE List

10CVSS9.4AI score0.05504EPSS

CVE-2018-5011

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

8.8CVSS9.2AI score0.18857EPSS

CVE-2018-5012

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

6.5CVSS7.1AI score0.10274EPSS

CVE-2018-5018

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

8.8CVSS9.3AI score0.09809EPSS

CVE-2018-5020

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

6.5CVSS7.1AI score0.10274EPSS

CVE-2018-5047

CVE•added 2020/11/05 8:15 p.m.•56 views

CVE-2020-24438

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak. Exploitation of this issue requires user interaction in that a victim must open a malicio...

4.3CVSS4.5AI score0.01183EPSS

CVE•added 2021/10/07 4:15 p.m.•56 views

CVE-2021-40725

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm listbox that could result in arbitrary code execution in the context of the current user. User interaction i...

7.8CVSS7.6AI score0.20846EPSS

CVE•added 2023/04/12 9:15 p.m.•56 views

CVE-2023-26419

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a ...

7.8CVSS7.7AI score0.01674EPSS

CVE•added 2023/04/12 9:15 p.m.•56 views

CVE-2023-26422

7.8CVSS7.7AI score0.0132EPSS

CVE•added 2023/08/10 2:15 p.m.•56 views

CVE-2023-38234

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...

7.8CVSS7.6AI score0.01518EPSS

CVE•added 2023/08/10 2:15 p.m.•56 views

CVE-2023-38246

7.8CVSS7.6AI score0.00133EPSS

CVE•added 2009/10/19 10:30 p.m.•55 views

CVE-2009-2991

Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors.

9.3CVSS7.3AI score0.21854EPSS

CVE•added 2015/07/15 2:59 p.m.•55 views

CVE-2015-5101

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via un...

10CVSS7.4AI score0.03731EPSS

CVE•added 2015/07/15 2:59 p.m.•55 views

CVE-2015-5108

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified ve...

10CVSS7.7AI score0.0891EPSS

6.8CVSS7.5AI score0.19689EPSS

CVE-2015-6695

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory co...

5CVSS5.7AI score0.01851EPSS

CVE-2015-6700

The setBackground function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information fr...

CVE-2015-6714

The Function bind implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API exe...

CVE-2015-6717

The DynamicAnnotStore method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API executi...

CVE-2015-6719

The CBSharedReviewCloseDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API...

CVE•added 2016/01/14 5:59 a.m.•55 views

CVE-2016-0933

Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors...

10CVSS9.5AI score0.05746EPSS

CVE•added 2018/07/20 7:29 p.m.•55 views

CVE-2018-12762

7.5CVSS7.8AI score0.09268EPSS

CVE•added 2018/07/20 7:29 p.m.•55 views

CVE-2018-12773

8.8CVSS9.2AI score0.08788EPSS

CVE•added 2018/02/27 5:29 a.m.•55 views

CVE-2018-4891

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of t...

6.5CVSS7.5AI score0.01979EPSS

CVE•added 2018/02/27 5:29 a.m.•55 views

CVE-2018-4901

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the document...

8.8CVSS9.2AI score0.08234EPSS

CVE•added 2018/07/09 7:29 p.m.•55 views

CVE-2018-4965

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Memory Corruption vulnerability. Successful exploitation could lead to information disclosure.

7.5CVSS7.9AI score0.02055EPSS

CVE•added 2018/07/20 7:29 p.m.•55 views

CVE-2018-5015

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

8.8CVSS9.2AI score0.13655EPSS

CVE•added 2020/11/05 8:15 p.m.•55 views

CVE-2020-24436

Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure. An attacker could leverage this vulnerability to execu...

7.8CVSS7.4AI score0.03652EPSS

CVE•added 2022/01/14 8:15 p.m.•55 views

CVE-2021-44713

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in application denial of service. Exploitation of this issue requires user inter...

5.5CVSS5.4AI score0.00498EPSS

CVE•added 2023/04/12 9:15 p.m.•55 views

CVE-2023-26420

7.8CVSS7.7AI score0.01674EPSS

CVE•added 2024/08/14 3:15 p.m.•55 views

CVE-2024-41832

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this is...

5.5CVSS5.1AI score0.00092EPSS

CVE•added 2025/03/11 6:15 p.m.•55 views

CVE-2025-27159

Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious f...

7.8CVSS7.4AI score0.00041EPSS

CVE•added 2007/01/03 9:28 p.m.•54 views

CVE-2007-0044

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character...

4.3CVSS6.2AI score0.54871EPSS

CVE•added 2009/10/19 10:30 p.m.•54 views

CVE-2009-2981

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors.

9.3CVSS6.2AI score0.07238EPSS

CVE•added 2009/10/19 10:30 p.m.•54 views

CVE-2009-2983

Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.

9.3CVSS7.6AI score0.57483EPSS

CVE•added 2009/10/19 10:30 p.m.•54 views

CVE-2009-2986

Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.

9.3CVSS7.4AI score0.37028EPSS

CVE•added 2015/07/15 2:59 p.m.•54 views

CVE-2015-4447

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified v...

10CVSS6.3AI score0.05694EPSS

CVE•added 2015/10/14 11:59 p.m.•54 views

CVE-2015-6683

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via un...

10CVSS7.3AI score0.04034EPSS

CVE•added 2015/10/14 11:59 p.m.•54 views

CVE-2015-6696

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via unsp...

6.8CVSS7.9AI score0.03695EPSS

CVE•added 2015/10/14 11:59 p.m.•54 views

CVE-2015-7616

The ANVerifyComments method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API executio...