Total
1759 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2959 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to parsing of color profile metadata. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-2961 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to validation functionality. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-16380 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability for a certain file-type extension. Acrobat maintains both a blacklist and whitelist (the user can specify an allowed attachment). However, any file extensions that are neither on the blacklist nor the whitelist can still be opened after displaying a warning prompt. | |||||
| CVE-2017-2947 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability when manipulating Form Data Format (FDF). | |||||
| CVE-2017-16372 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to untrusted pointer dereference in the JavaScript API engine. In this scenario, the JavaScript input is crafted in way that the computation results with pointer to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result with sensitive data exposure. | |||||
| CVE-2017-2950 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-2948 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the XFA engine. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3013 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in a DLL related to remote logging. | |||||
| CVE-2017-3023 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 code-stream tile functionality. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3035 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture (XFA) engine. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3024 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when manipulating PDF annotations. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-2951 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to sub-form functionality. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-11221 | 3 Adobe, Apple, Microsoft | 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the annotation functionality. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-16415 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is a part of the functionality that handles font encodings. The vulnerability is a result of out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | |||||
| CVE-2017-2971 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the JPEG decoder routine. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-16387 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG2000 codec. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | |||||
| CVE-2017-2957 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to collaboration functionality. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3009 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation could lead to information disclosure. | |||||
| CVE-2017-2958 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-11217 | 3 Adobe, Apple, Microsoft | 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing of Unicode text strings. Successful exploitation could lead to arbitrary code execution. | |||||