A vulnerability was found in Adobe Acrobat Reader up to 2015.006.30498/2017.011.30143/2019.012.20035 (Document Reader Software). It has been classified as critical. This affects some unknown processing. The manipulation with an unknown input leads to a out-of-bounds write vulnerability. CWE is classifying the issue as CWE-787. The product writes data past the end, or before the beginning, of the intended buffer. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

The weakness was released 08/13/2019 as APSB19-41 as confirmed security bulletin (Website). The advisory is shared at helpx.adobe.com. This vulnerability is uniquely identified as CVE-2019-8022 since 02/12/2019. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available.

Upgrading to version 2015.006.30499, 2017.011.30144 or 2019.012.20036 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Entries connected to this vulnerability are available at 134801, 140151, 140152 and 140153.

Productinfo

Type

• Document Reader Software

Vendor

• Adobe

Name

• Acrobat Reader

Version

• 2015.006.30498
• 2017.011.30143
• 2019.012.20035

License

• free

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion