Reader@* Security Vulnerabilities and Issues — Page 4 of Reader@* CVE List

9.3CVSS8.9AI score0.05396EPSS

CVE-2017-2943

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing tags in TIFF images. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.04739EPSS

CVE-2017-2953

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when processing a TIFF image. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.9AI score0.12107EPSS

CVE-2017-2959

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to parsing of color profile metadata. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.9AI score0.10312EPSS

CVE-2017-2960

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of EXIF metadata. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.09328EPSS

CVE-2017-2967

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the XFA engine related to a form's structure and organization. Successful exploitation could lead to arbitrary code execution.

CVE•added 2017/03/31 4:59 p.m.•62 views

CVE-2017-3010

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitation could lead to arbitrary code execution.

10CVSS9.6AI score0.04207EPSS

9.3CVSS8.3AI score0.0176EPSS

CVE-2017-3013

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in a DLL related to remote logging.

9.3CVSS8.9AI score0.07731EPSS

CVE-2017-3028

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion module, related to processing of TIFF files. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.04527EPSS

CVE-2017-3034

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.08748EPSS

CVE-2017-3049

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal tile manipulation in TIFF files. Successful exploitation could lead to arbitrary code execution.

CVE•added 2017/08/11 7:29 p.m.•62 views

CVE-2017-3117

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the plugin that handles links within the PDF. Successful exploitation could lead to arbitrary code execution.

9.3CVSS9.3AI score0.29149EPSS

CVE•added 2016/05/11 10:59 a.m.•61 views

CVE-2016-1045

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vu...

CVE•added 2016/05/11 10:59 a.m.•61 views

CVE-2016-1083

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors...

10CVSS10AI score0.12588EPSS

CVE•added 2016/07/13 2:0 a.m.•61 views

CVE-2016-4195

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors...

8.8CVSS9.8AI score0.22372EPSS

CVE•added 2016/07/13 2:0 a.m.•61 views

CVE-2016-4198

8.8CVSS9.8AI score0.22372EPSS

CVE•added 2017/08/11 7:29 p.m.•61 views

CVE-2017-11257

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution.

9.3CVSS9.2AI score0.13237EPSS

CVE•added 2017/01/11 4:59 a.m.•61 views

CVE-2017-2954

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when handling malformed TIFF images. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.9AI score0.04739EPSS

CVE•added 2017/01/11 4:59 a.m.•61 views

CVE-2017-2964

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to the parsing of JPEG EXIF metadata. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.9AI score0.09115EPSS

CVE•added 2017/04/12 2:59 p.m.•61 views

CVE-2017-3035

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture (XFA) engine. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.02518EPSS

CVE•added 2017/08/11 7:29 p.m.•61 views

CVE-2017-3118

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability related to execution of malicious attachments.

6.5CVSS7.8AI score0.15016EPSS

CVE•added 2017/08/11 7:29 p.m.•61 views

CVE-2017-3119

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in Acrobat/Reader 11.0.19 engine. Successful exploitation could lead to arbitrary code execution.

8.8CVSS9.3AI score0.12267EPSS

CVE•added 2012/01/10 9:55 p.m.•60 views

CVE-2011-4370

Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373.

7.5CVSS9.7AI score0.08394EPSS

10CVSS9.4AI score0.06119EPSS

CVE-2016-1041

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability...

10CVSS9.3AI score0.06119EPSS

CVE-2016-1042

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability...

CVE-2016-1052

10CVSS10AI score0.12588EPSS

CVE-2016-1073

CVE•added 2016/07/13 2:0 a.m.•60 views

CVE-2016-4194

10CVSS9.8AI score0.22372EPSS

CVE•added 2016/10/13 8:1 p.m.•60 views

CVE-2016-7019

Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors...

10CVSS10AI score0.05955EPSS

9.3CVSS8.9AI score0.08441EPSS

CVE-2017-2945

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing TIFF image files. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.10134EPSS

CVE-2017-2955

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.03731EPSS

CVE-2017-2958

9.3CVSS8.8AI score0.02518EPSS

CVE-2017-2963

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to handling of the color profile in a TIFF file. Successful exploitation could lead to arbitrary code exe...

CVE•added 2017/01/24 7:59 a.m.•60 views

CVE-2017-2971

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the JPEG decoder routine. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.3AI score0.03854EPSS

CVE•added 2017/04/12 2:59 p.m.•60 views

CVE-2017-3043

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality.

5.5CVSS7AI score0.02619EPSS

CVE•added 2016/05/11 10:59 a.m.•59 views

CVE-2016-1046

CVE•added 2016/05/11 10:59 a.m.•59 views

CVE-2016-1058

CVE•added 2016/05/11 11:0 a.m.•59 views

CVE-2016-4091

Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vuln...

10CVSS9.8AI score0.12444EPSS

CVE•added 2016/07/13 2:0 a.m.•59 views

CVE-2016-4192

10CVSS9.8AI score0.22372EPSS

CVE•added 2016/09/17 2:59 a.m.•59 views

CVE-2016-6937

10CVSS9.8AI score0.22372EPSS

CVE•added 2017/01/11 4:59 a.m.•59 views

CVE-2017-2952

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the image conversion module related to parsing tags in TIFF files. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.9AI score0.07063EPSS

CVE•added 2017/01/24 7:59 a.m.•59 views

CVE-2017-2970

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine related to template manipulation. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.9AI score0.03088EPSS

CVE•added 2017/03/31 4:59 p.m.•59 views

CVE-2017-3009

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation could lead to information disclosure.

7.5CVSS8.2AI score0.01245EPSS

CVE•added 2017/04/12 2:59 p.m.•59 views

CVE-2017-3045

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to the palette box.

5.5CVSS6.9AI score0.04485EPSS

CVE•added 2017/04/12 2:59 p.m.•59 views

CVE-2017-3047

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript engine's annotation-related API. Successful exploitation could lead to arbitrary code execution.

9.3CVSS8.8AI score0.03543EPSS

CVE-2016-1055

CVE-2016-1056

CVE-2016-1057