Vulnerabilities > Adobe > Acrobat Reader

DATE CVE VULNERABILITY TITLE RISK
2020-11-05 CVE-2020-24436 Out-of-bounds Write vulnerability in Adobe products
Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure.
local
low complexity
adobe CWE-787
7.8
2020-11-05 CVE-2020-24435 Heap-based Buffer Overflow vulnerability in Adobe products
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm function, potentially resulting in arbitrary code execution in the context of the current user.
local
low complexity
adobe CWE-122
7.8
2020-11-05 CVE-2020-24434 Out-of-bounds Read vulnerability in Adobe products
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
local
low complexity
adobe CWE-125
3.3
2020-11-05 CVE-2020-24433 Unspecified vulnerability in Adobe products
Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM.
local
low complexity
adobe
7.8
2020-11-05 CVE-2020-24432 Improper Input Validation vulnerability in Adobe products
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the current user.
local
low complexity
adobe CWE-20
7.8
2020-11-05 CVE-2020-24431 Improper Authorization vulnerability in Adobe products
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library code injection by the Adobe Reader process.
local
low complexity
adobe CWE-285
4.4
2020-11-05 CVE-2020-24430 Use After Free vulnerability in Adobe products
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript.
local
low complexity
adobe CWE-416
7.8
2020-11-05 CVE-2020-24429 Improper Verification of Cryptographic Signature vulnerability in Adobe products
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation.
local
low complexity
adobe CWE-347
7.8
2020-11-05 CVE-2020-24428 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Adobe products
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation.
local
high complexity
adobe CWE-367
7.7
2020-11-05 CVE-2020-24427 Unspecified vulnerability in Adobe products
Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory.
local
low complexity
adobe
3.3