CVE-2016-6938Use After Free in Adobe Acrobat

CWE-416Use After Free3 documents3 sources
Severity
9.8CRITICALNVD
CNA8.8
EPSS
1.9%
top 16.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Adobe AcrobatAdobe Acrobat DCAdobe Acrobat Reader DC+1 more
Timeline
PublishedSep 17
Latest updateMay 17

Description

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4255.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

NVDadobe/acrobat_reader_dc15.006.30174+1
NVDadobe/acrobat11.0.16
NVDadobe/acrobat_dc15.006.30174+1
NVDadobe/reader11.0.16

🔴Vulnerability Details

2
GHSA
GHSA-jv87-v39g-62xp: Use-after-free vulnerability in Adobe Reader and Acrobat before 112022-05-17
CVEList
CVE-2016-6938: Use-after-free vulnerability in Adobe Reader and Acrobat before 112016-09-17
CVE-2016-6938 — Use After Free in Adobe Acrobat | cvebase