CVE-2016-1111 — Double Free in Adobe Acrobat

2 documents2 sources

Severity

8.8HIGHNVD

EPSS

2.6%

top 14.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat DC Adobe Acrobat Reader +1 more

Timeline

PublishedApr 30

Latest updateMay 14

Description

Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted Graphics State dictionary.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDadobe/acrobat_reader9.0

▶NVDadobe/acrobat_reader_dc15.006.30097+1

▶NVDadobe/acrobat11.0.13

▶NVDadobe/acrobat_dc15.006.30097+1

🔴Vulnerability Details

GHSA

GHSA-rh4v-599x-fwm9: Double free vulnerability in Adobe Reader and Acrobat before 11↗2022-05-14

▶