A vulnerability, which was classified as critical, has been found in Adobe Acrobat Reader up to 2015.006.30505/2017.011.30152/2019.021.20056 (Document Reader Software). Affected by this issue is an unknown part. The manipulation with an unknown input leads to a out-of-bounds write vulnerability. Using CWE to declare the problem leads to CWE-787. The product writes data past the end, or before the beginning, of the intended buffer. Impacted is confidentiality, integrity, and availability. CVE summarizes:

Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

The weakness was shared 12/10/2019 as APSB19-55 as confirmed security bulletin (Website). The advisory is available at helpx.adobe.com. This vulnerability is handled as CVE-2019-16450. The attack may be launched remotely. No form of authentication is required for exploitation. Successful exploitation requires user interaction by the victim. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 03/10/2024).

Upgrading to version 2015.006.30508, 2017.011.30156 or 2019.021.20058 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

blogs.adobe.com is providing further details. The entries 146948, 146949, 146950 and 146951 are related to this item.

Productinfo

Type

• Document Reader Software

Vendor

• Adobe

Name

• Acrobat Reader

Version

• 2015.006.30505
• 2017.011.30152
• 2019.021.20056

License

• free

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion