⚠ Actively exploited
Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-24. Required action: Apply updates per vendor instructions.

CVE-2014-0496: Use After Free in Adobe Acrobat

Severity: 8.8 HIGH (NVD)
EPSS: 66.2% (top 1.47%)
CISA KEV: Added 2022-03-03, due 2022-03-24
Exploit: Exploited in wild. Active exploitation observed.
Affected products
Timeline
Published: Jan 15
KEV added: Mar 3
KEV due: Mar 24
Latest update: May 14
CISA Required Action: Apply updates per vendor instructions.

Description

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (1 package)

NVD: adobe/acrobat | 10.0 | 10.1.9 | +1

🔴 Vulnerability Details (2)

GHSA: GHSA-h9rj-88q7-9jg3: Use-after-free vulnerability in Adobe Reader and Acrobat 10 (2022-05-14)
VulnCheck: Adobe Reader and Acrobat Use-After-Free Vulnerability (2014)

📋 Vendor Advisories (1)

CISA: Adobe Reader and Acrobat Use-After-Free Vulnerability (2022-03-03)

📄 Research Papers (1)

arXiv: Digital Investigation of PDF Files: Unveiling Traces of Embedded Malware (2017-07-17)

💬 Community (2)

Bugzilla: CVE-2014-0516 flash-plugin: same origin policy bypass (APSB14-14) (2014-05-13)
Bugzilla: CVE-2014-0517 CVE-2014-0518 CVE-2014-0519 CVE-2014-0520 flash-plugin: security protection bypass (APSB14-14) (2014-05-13)