A vulnerability was found in Adobe Acrobat Reader up to 2015.006.30505/2017.011.30152/2019.021.20056 (Document Reader Software). It has been declared as problematic. This vulnerability affects some unknown processing. The manipulation with an unknown input leads to a out-of-bounds vulnerability. The CWE definition for the vulnerability is CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality. CVE summarizes:

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

The weakness was published 12/10/2019 as APSB19-55 as confirmed security bulletin (Website). The advisory is available at helpx.adobe.com. This vulnerability was named CVE-2019-16457. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Successful exploitation requires user interaction by the victim. The technical details are unknown and an exploit is not available.

Upgrading to version 2015.006.30508, 2017.011.30156 or 2019.021.20058 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Additional details are provided at blogs.adobe.com. Similar entries are available at 146948, 146949, 146951 and 146952.

Productinfo

Type

• Document Reader Software

Vendor

• Adobe

Name

• Acrobat Reader

Version

• 2015.006.30505
• 2017.011.30152
• 2019.021.20056

License

• free

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion