U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:adobe:acrobat_reader:10.0.3:*:*:*:*:*:*:*
There are 355 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2021-40723

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: September 07, 2023; 9:15:07 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2021-40724

Acrobat Reader for Android versions 21.8.0 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: October 15, 2021; 11:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-24441

Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not properly restrict access to directories created by the application. This could result in disclosure of sensitive information stored in databases used by the application. Exploitation requires a victim to download and run a malicious application.

Published: November 12, 2020; 10:15:11 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-24439

Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass. While the practical security impact is minimal, a defense-in-depth fix has been implemented to further harden the Adobe Reader update process.

Published: November 05, 2020; 3:15:17 PM -0500
V3.1: 2.8 LOW
V2.0: 1.2 LOW
CVE-2020-24438

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: November 05, 2020; 3:15:16 PM -0500
V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2020-24437

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: November 05, 2020; 3:15:16 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-24436

Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit in that the victim must open a malicious document.

Published: November 05, 2020; 3:15:16 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-24435

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm function, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file in Acrobat Reader.

Published: November 05, 2020; 3:15:16 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-24434

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: November 05, 2020; 3:15:16 PM -0500
V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2020-24433

Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment.

Published: November 05, 2020; 3:15:16 PM -0500
V3.1: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2020-24432

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the current user. To exploit this issue, an attacker must acquire and then modify a certified PDF document that is trusted by the victim. The attacker then needs to convince the victim to open the document.

Published: November 05, 2020; 3:15:16 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-24431

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library code injection by the Adobe Reader process. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: November 05, 2020; 3:15:16 PM -0500
V3.1: 4.4 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2020-24430

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript. This vulnerability could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a malicious file.

Published: November 05, 2020; 3:15:16 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-24429

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: November 05, 2020; 3:15:16 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-24428

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: November 05, 2020; 3:15:16 PM -0500
V3.1: 7.7 HIGH
V2.0: 5.1 MEDIUM
CVE-2020-24427

Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: November 05, 2020; 3:15:15 PM -0500
V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2020-24426

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: November 05, 2020; 3:15:15 PM -0500
V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2017-16420

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is in the part of the JavaScript engine that handles annotation abstraction. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

Published: December 09, 2017; 1:29:03 AM -0500
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2017-16419

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources.

Published: December 09, 2017; 1:29:02 AM -0500
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-16418

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the image conversion module that handles XPS files. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

Published: December 09, 2017; 1:29:02 AM -0500
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH