CVE-2015-3054 — Use After Free in Adobe Acrobat

CWE-416 — Use After Free11 documents3 sources

Severity

10.0CRITICALNVD

NVD7.5

EPSS

3.6%

top 12.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat Reader

Timeline

PublishedMay 13

Latest updateMay 17

Description

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3055, CVE-2015-3059, and CVE-2015-3075.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDadobe/acrobat_reader25 versions+24

▶NVDadobe/acrobat25 versions+24

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-wgc8-2wwh-f797: Use-after-free vulnerability in Adobe Reader and Acrobat 10↗2022-05-17

▶

GHSA

GHSA-hvmw-wvjj-3h3x: Use-after-free vulnerability in Adobe Reader and Acrobat 10↗2022-05-17

▶

GHSA

GHSA-f5qr-chhp-9g8p: Use-after-free vulnerability in Adobe Reader and Acrobat 10↗2022-05-17

▶

GHSA

GHSA-hqh5-x7wr-q63c: Use-after-free vulnerability in Adobe Reader and Acrobat 10↗2022-05-17

▶

GHSA

GHSA-wq8p-3q98-gw6h: Use-after-free vulnerability in Adobe Reader and Acrobat 10↗2022-05-17

▶

🕵️Threat Intelligence

Zscaler

Zscaler detects Flash Player Vulnerabilities | 05-21-2015↗

▶