CVSS: 4.3EPSS: 1%CPEs: 8EXPL: 0CVE-2020-24427 – Acrobat Reader DC Codec Input Validation Vulnerability Could Lead to Information Disclosure
https://notcve.org/view.php?id=CVE-2020-24427
05 Nov 2020 — Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Acrobat Reader versiones 2020.012.20048 (y anteriores), 2020.001.30005 (y anter... • https://helpx.adobe.com/security/products/acrobat/apsb20-67.html • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-24426 – Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-24426
05 Nov 2020 — Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Acrobat Reader DC versiones 2020.012.20048 (y anteriores), 2020.001.30005 (y anteriores) y 2017.011.30175 (y a... • https://helpx.adobe.com/security/products/acrobat/apsb20-67.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 3%CPEs: 8EXPL: 0CVE-2017-16361
https://notcve.org/view.php?id=CVE-2017-16361
09 Dec 2017 — An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability when handling XFDF files. Se ha descubierto un problema en Adobe Acrobat y Reader: 2017.012.20098 y versiones anteriores, 2017.011.30066 y versiones anteriores, 2015.006.30355 y versiones anteriores y 11.0.22 y versiones anteriores. La vulnerabi... • http://www.securityfocus.com/bid/101830 •
CVSS: 9.3EPSS: 4%CPEs: 8EXPL: 0CVE-2017-16388
https://notcve.org/view.php?id=CVE-2017-16388
09 Dec 2017 — An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitatio... • http://www.securityfocus.com/bid/101818 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 8%CPEs: 8EXPL: 0CVE-2017-16420
https://notcve.org/view.php?id=CVE-2017-16420
09 Dec 2017 — An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is in the part of the JavaScript engine that handles annotation abstraction. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes ... • http://www.securityfocus.com/bid/102140 • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 8%CPEs: 8EXPL: 0CVE-2017-16379
https://notcve.org/view.php?id=CVE-2017-16379
09 Dec 2017 — An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability in the graphics rendering engine. Se ha descubierto un problema en Adobe Acrobat y Reader: 2017.012.20098 y versiones anteriores, 2017.011.30066 y versiones anteriores, 2015.006.30355 y versiones anteriores y 11.0.22 y versiones anterior... • http://www.securityfocus.com/bid/101815 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 6.5EPSS: 2%CPEs: 8EXPL: 0CVE-2017-16419
https://notcve.org/view.php?id=CVE-2017-16419
09 Dec 2017 — An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources. Se ha descubierto un problema en Adobe Acrobat y Reader: 2017.012.20098 y versiones anteriores, 2017.011.30066 y versiones a... • http://www.securityfocus.com/bid/101817 • CWE-674: Uncontrolled Recursion •
CVSS: 9.3EPSS: 4%CPEs: 8EXPL: 0CVE-2017-16390
https://notcve.org/view.php?id=CVE-2017-16390
09 Dec 2017 — An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine API. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitatio... • http://www.securityfocus.com/bid/101818 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 6%CPEs: 8EXPL: 0CVE-2017-16411
https://notcve.org/view.php?id=CVE-2017-16411
09 Dec 2017 — An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the WebCapture module, related to an internal hash table implementation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields ... • http://www.securityfocus.com/bid/101813 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 26%CPEs: 8EXPL: 0CVE-2017-16395
https://notcve.org/view.php?id=CVE-2017-16395
09 Dec 2017 — An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the image conversion module when processing Enhanced Metafile Format (EMF). Crafted EMF input (EMR_STRETCHDIBITS) causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequatel... • http://www.securityfocus.com/bid/101831 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •