Multiple vulnerabilities in Adobe Acrobat and Reader



Published: 2019-12-11 | Updated: 2021-08-23
Risk High
Patch available YES
Number of vulnerabilities 21
CVE-ID CVE-2019-16446
CVE-2019-16462
CVE-2019-16451
CVE-2019-16464
CVE-2019-16455
CVE-2019-16460
CVE-2019-16453
CVE-2019-16444
CVE-2019-16463
CVE-2019-16459
CVE-2019-16452
CVE-2019-16461
CVE-2019-16458
CVE-2019-16457
CVE-2019-16456
CVE-2019-16465
CVE-2019-16450
CVE-2019-16448
CVE-2019-16445
CVE-2019-16454
CVE-2019-16449
CWE-ID CWE-822
CWE-119
CWE-122
CWE-416
CWE-264
CWE-427
CWE-125
CWE-787
Exploitation vector Network
Public exploit Public exploit code for vulnerability #11 is available.
Vulnerable software
Subscribe
Adobe Acrobat
Client/Desktop applications / Office applications

Adobe Reader
Client/Desktop applications / Office applications

Vendor Adobe

Security Bulletin

This security bulletin contains information about 21 vulnerabilities.

1) Untrusted Pointer Dereference

EUVDB-ID: #VU23524

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-16446

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Buffer overflow

EUVDB-ID: #VU23523

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-16462

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF content. A remote attacker can create a specially crafted PDF file, trigger buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Heap-based buffer overflow

EUVDB-ID: #VU23522

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-16451

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF content. A remote attacker can create a specially crafted PDF file, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Use-after-free

EUVDB-ID: #VU23521

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-16464

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

5) Untrusted Pointer Dereference

EUVDB-ID: #VU23525

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-16455

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

6) Untrusted Pointer Dereference

EUVDB-ID: #VU23526

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-16460

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

7) Security restrictions bypass

EUVDB-ID: #VU23529

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-16453

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to unspecified error, related to implemented security restrictions. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the system with privileges of the current user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

8) Insecure DLL loading

EUVDB-ID: #VU23528

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-16444

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner. A remote attacker can place a specially crafted .dll file on a remote SMB fileshare, trick the victim into opening a file, associated with the vulnerable application, and execute arbitrary code on victim's system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

9) Untrusted Pointer Dereference

EUVDB-ID: #VU23527

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-16463

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

10) Use-after-free

EUVDB-ID: #VU23520

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-16459

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

11) Use-after-free

EUVDB-ID: #VU23519

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-16452

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

12) Out-of-bounds read

EUVDB-ID: #VU23513

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-16461

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

13) Out-of-bounds read

EUVDB-ID: #VU23512

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-16458

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

14) Out-of-bounds read

EUVDB-ID: #VU23511

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-16457

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

15) Out-of-bounds read

EUVDB-ID: #VU23510

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-16456

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

16) Out-of-bounds read

EUVDB-ID: #VU23514

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-16465

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

17) Out-of-bounds write

EUVDB-ID: #VU23515

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-16450

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

18) Use-after-free

EUVDB-ID: #VU23518

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-16448

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

19) Use-after-free

EUVDB-ID: #VU23517

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-16445

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF content. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

20) Out-of-bounds write

EUVDB-ID: #VU23516

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-16454

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

21) Out-of-bounds read

EUVDB-ID: #VU23509

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-16449

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Acrobat: 2019.008.20071 - 2019.021.20056, 2017.011.30148 - 2017.011.30152, 2015.006.30503 - 2015.006.30505

Adobe Reader: 2019.008.20071 - 2019.021.20056, 2017.008.30051 - 2017.011.30152, 2015.006.30505


CPE2.3 External links

http://helpx.adobe.com/security/products/acrobat/apsb19-55.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###