CVE-2016-1091 — Use After Free in Adobe Acrobat

CWE-416 — Use After Free4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

2.8%

top 13.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat DC Adobe Acrobat Reader DC +1 more

Timeline

PublishedOct 13

Latest updateMay 17

Description

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDadobe/acrobat_reader_dc15.006.30201+1

▶NVDadobe/acrobat11.0.17

▶NVDadobe/acrobat_dc15.006.30201+1

▶NVDadobe/reader11.0.17

🔴Vulnerability Details

GHSA

GHSA-39vq-p6qp-w9mm: Use-after-free vulnerability in Adobe Reader and Acrobat before 11↗2022-05-17

▶

CVEList

CVE-2016-1091: Use-after-free vulnerability in Adobe Reader and Acrobat before 11↗2016-10-13

▶

💬Community

Bugzilla

CVE-2016-3990 libtiff: out-of-bounds write in horizontalDifference8()↗2016-04-12

▶