SB2018071009 - Multiple vulnerabilities in Adobe Reader and Acrobat
Published: July 10, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 104 secuirty vulnerabilities.
1) Double free (CVE-ID: CVE-2018-12782)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a double free error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger double free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
2) Heap-based buffer overflow (CVE-ID: CVE-2018-5015)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
3) Heap-based buffer overflow (CVE-ID: CVE-2018-5028)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing JPEG files within .pdf documents in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
4) Heap-based buffer overflow (CVE-ID: CVE-2018-5032)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
5) Heap-based buffer overflow (CVE-ID: CVE-2018-5036)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing textures in Universal 3D (U3D) data in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
6) Heap-based buffer overflow (CVE-ID: CVE-2018-5038)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing embedded Photoshop File Format data (PSD) within .pdf documents in the Universal 3D (U3D) engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
7) Heap-based buffer overflow (CVE-ID: CVE-2018-5040)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D data streams with Silicon Graphics Image (SGI) RGB data within .pdf documents in the Universal 3D (U3D) engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
8) Heap-based buffer overflow (CVE-ID: CVE-2018-5041)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D data with PICT image data within .pdf documents in the Universal 3D (U3D) engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
9) Heap-based buffer overflow (CVE-ID: CVE-2018-5045)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing embedded Photoshop File Format data (PSD) within .pdf documents in the Universal 3D (U3D) engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
10) Heap-based buffer overflow (CVE-ID: CVE-2018-5052)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing Animator Pro CEL image data within .pdf documents in the Universal 3D (U3D) engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
11) Heap-based buffer overflow (CVE-ID: CVE-2018-5058)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing XML Paper Specification (XPS) files with embedded JPEG data within .pdf documents in the ImageConversion module. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
12) Heap-based buffer overflow (CVE-ID: CVE-2018-5067)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
13) Heap-based buffer overflow (CVE-ID: CVE-2018-12785)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
14) Heap-based buffer overflow (CVE-ID: CVE-2018-12788)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
15) Heap-based buffer overflow (CVE-ID: CVE-2018-12798)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents in the core PDF engine page rendering component. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
16) Use-after-free (CVE-ID: CVE-2018-5009)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the JavaScript API module. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
17) Use-after-free (CVE-ID: CVE-2018-5011)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing digital signatures within .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
18) Use-after-free (CVE-ID: CVE-2018-5065)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
19) Use-after-free (CVE-ID: CVE-2018-12756)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the JavaScript API module. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
20) Use-after-free (CVE-ID: CVE-2018-12770)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
21) Use-after-free (CVE-ID: CVE-2018-12772)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
22) Use-after-free (CVE-ID: CVE-2018-12773)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
23) Use-after-free (CVE-ID: CVE-2018-12776)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
24) Use-after-free (CVE-ID: CVE-2018-12783)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
25) Use-after-free (CVE-ID: CVE-2018-12791)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
26) Use-after-free (CVE-ID: CVE-2018-12792)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the HTML to PDF conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
27) Use-after-free (CVE-ID: CVE-2018-12796)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing Enhanced Metafile Format Plus (EMF+) data in .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
28) Use-after-free (CVE-ID: CVE-2018-12797)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing .pdf documents in the Weblink component. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
29) Out-of-bounds write (CVE-ID: CVE-2018-5020)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format (EMF) data within .pdf documents in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
30) Out-of-bounds write (CVE-ID: CVE-2018-5021)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents in the Javascript API component. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
31) Out-of-bounds write (CVE-ID: CVE-2018-5042)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
32) Out-of-bounds write (CVE-ID: CVE-2018-5059)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
33) Out-of-bounds write (CVE-ID: CVE-2018-5064)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
34) Out-of-bounds write (CVE-ID: CVE-2018-5069)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
35) Out-of-bounds write (CVE-ID: CVE-2018-5070)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
36) Out-of-bounds write (CVE-ID: CVE-2018-12754)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
37) Out-of-bounds write (CVE-ID: CVE-2018-12755)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
38) Out-of-bounds write (CVE-ID: CVE-2018-12758)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
39) Out-of-bounds write (CVE-ID: CVE-2018-12760)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
40) Out-of-bounds write (CVE-ID: CVE-2018-12771)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
41) Out-of-bounds write (CVE-ID: CVE-2018-12787)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
42) Security bypass (CVE-ID: CVE-2018-12802)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to unknown error related to security restrictions in the filepicker dialog component. A remote attacker can bypass implemented security policy and execute arbitrary code on the system when the victim opens a specially crafted .pdf document.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
43) Out-of-bounds read (CVE-ID: CVE-2018-5010)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
44) Out-of-bounds read (CVE-ID: CVE-2018-12803)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
45) Out-of-bounds read (CVE-ID: CVE-2018-5014)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
46) Out-of-bounds read (CVE-ID: CVE-2018-5016)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing XML Paper Specification (XPS) TrueType fonts within .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
47) Out-of-bounds read (CVE-ID: CVE-2018-5017)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
48) Out-of-bounds read (CVE-ID: CVE-2018-5018)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
49) Out-of-bounds read (CVE-ID: CVE-2018-5019)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing font types within .pdf files in the XML Paper Specification (XPS) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
50) Out-of-bounds read (CVE-ID: CVE-2018-5022)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing document fields in the Javascript API component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
51) Out-of-bounds read (CVE-ID: CVE-2018-5023)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Javascript API component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
52) Out-of-bounds read (CVE-ID: CVE-2018-5024)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing garbage collection in the Javascript API component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
53) Out-of-bounds read (CVE-ID: CVE-2018-5025)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing garbage collection in the Javascript API component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
54) Out-of-bounds read (CVE-ID: CVE-2018-5026)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Javascript API component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
55) Out-of-bounds read (CVE-ID: CVE-2018-5027)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing TIFF data within .pdf files in the XML Paper Specification (XPS) conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
56) Out-of-bounds read (CVE-ID: CVE-2018-5029)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing JPEG images in XML Paper Specification (XPS) data within .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
57) Out-of-bounds read (CVE-ID: CVE-2018-5031)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the XML Paper Specification (XPS) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
58) Out-of-bounds read (CVE-ID: CVE-2018-5033)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the XML Paper Specification (XPS) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
59) Out-of-bounds read (CVE-ID: CVE-2018-5035)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
60) Out-of-bounds read (CVE-ID: CVE-2018-5039)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing picture exchange file format data within .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
61) Out-of-bounds read (CVE-ID: CVE-2018-5044)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing TIFF data within .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
62) Out-of-bounds read (CVE-ID: CVE-2018-5046)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Animator Pro CEL image data within .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
63) Out-of-bounds read (CVE-ID: CVE-2018-5047)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Silicon Graphics Image (SGI) RGB-formatted data within .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
64) Out-of-bounds read (CVE-ID: CVE-2018-5048)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Interchange File Format (IFF) data within .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
65) Out-of-bounds read (CVE-ID: CVE-2018-5049)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing bitmap (BMP) data within .pdf files in the Universal 3D (U3D) engine A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
66) Out-of-bounds read (CVE-ID: CVE-2018-5050)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing textures in GIF-formatted data within .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
67) Out-of-bounds read (CVE-ID: CVE-2018-5051)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
68) Out-of-bounds read (CVE-ID: CVE-2018-5053)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
69) Out-of-bounds read (CVE-ID: CVE-2018-5054)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Universal 3D (U3D) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
70) Out-of-bounds read (CVE-ID: CVE-2018-5055)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
71) Out-of-bounds read (CVE-ID: CVE-2018-5056)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the XML Paper Specification (XPS) module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
72) Out-of-bounds read (CVE-ID: CVE-2018-5060)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
73) Out-of-bounds read (CVE-ID: CVE-2018-5061)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
74) Out-of-bounds read (CVE-ID: CVE-2018-5062)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
75) Out-of-bounds read (CVE-ID: CVE-2018-5063)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Extensible Stylesheet Language Transformations (XSLT) engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
76) Out-of-bounds read (CVE-ID: CVE-2018-5066)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
77) Out-of-bounds read (CVE-ID: CVE-2018-5068)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Acroform component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
78) Out-of-bounds read (CVE-ID: CVE-2018-12757)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing JavaScript API calls in the XML Forms Architecture Engine (XFA) component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
79) Out-of-bounds read (CVE-ID: CVE-2018-12761)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
80) Out-of-bounds read (CVE-ID: CVE-2018-12762)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
81) Out-of-bounds read (CVE-ID: CVE-2018-12763)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
82) Out-of-bounds read (CVE-ID: CVE-2018-12764)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Joint Bi-Level Image Experts Group (JBIG) segment decoder module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
83) Out-of-bounds read (CVE-ID: CVE-2018-12765)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Joint Bi-Level Image Experts Group (JBIG) segment decoder module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
84) Out-of-bounds read (CVE-ID: CVE-2018-12766)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Joint Bi-Level Image Experts Group (JBIG) segment decoder module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
85) Out-of-bounds read (CVE-ID: CVE-2018-12767)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Joint Bi-Level Image Experts Group (JBIG) segment decoder module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
86) Out-of-bounds read (CVE-ID: CVE-2018-12768)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the Joint Bi-Level Image Experts Group 2 (JBIG2) symbol header decoding component. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
87) Out-of-bounds read (CVE-ID: CVE-2018-12774)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the HTML to PDF conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
88) Out-of-bounds read (CVE-ID: CVE-2018-12777)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the HTML to PDF conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
89) Out-of-bounds read (CVE-ID: CVE-2018-12779)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing CSS elements within .pdf files in the HTML to PDF conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
90) Out-of-bounds read (CVE-ID: CVE-2018-12780)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing .pdf files in the HTML to PDF conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
91) Out-of-bounds read (CVE-ID: CVE-2018-12781)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Cascading Stylesheet elements within .pdf files in the HTML to PDF conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
92) Out-of-bounds read (CVE-ID: CVE-2018-12786)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
93) Out-of-bounds read (CVE-ID: CVE-2018-12789)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
94) Out-of-bounds read (CVE-ID: CVE-2018-12790)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing JPEG 2000 headers in the image conversion engine. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
95) Out-of-bounds read (CVE-ID: CVE-2018-12795)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing Enhanced Metafile Format Plus (EMF+) data within .pdf files in the image conversion module. A remote attacker can trick the user into opening a specially crafted .pdf file, trigger an out-of-bounds read error and gain access to sensitive information stored in memory or cause application crash.
96) Type confusion (CVE-ID: CVE-2018-5057)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a type confusion error when processing Enhanced Metafile Format (EMF) data within .pdf documents in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
97) Type confusion (CVE-ID: CVE-2018-12793)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a type confusion error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
98) Type confusion (CVE-ID: CVE-2018-12794)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a type confusion error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
99) Untrusted pointer dereference (CVE-ID: CVE-2018-5012)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to an untrusted pointer dereference error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
100) Untrusted pointer dereference (CVE-ID: CVE-2018-5030)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to an untrusted pointer dereference error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
101) Memory corruption (CVE-ID: CVE-2018-5034)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing pattern brush Enhanced Metafile Format (EMF) data within .pdf documents in the image conversion engine. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
102) Memory corruption (CVE-ID: CVE-2018-5037)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing Graphics Interchange Format (GIF) data within .pdf documents in the Universal 3D (U3D) module. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
103) Memory corruption (CVE-ID: CVE-2018-5043)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing Truevision Graphics Adapter raster file format (TGA) data .pdf documents in the Universal 3D (U3D) module. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
104) Memory corruption (CVE-ID: CVE-2018-12784)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing .pdf documents. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Remediation
Install update from vendor's website.