CVE-2016-6952 — Use After Free in Adobe Acrobat

CWE-416 — Use After Free3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

2.7%

top 14.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat DC Adobe Acrobat Reader DC +1 more

Timeline

PublishedOct 13

Latest updateMay 17

Description

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDadobe/acrobat_reader_dc15.006.30201+1

▶NVDadobe/acrobat11.0.17

▶NVDadobe/acrobat_dc15.006.30201+1

▶NVDadobe/reader11.0.17

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-c5x2-2gg4-849p: Use-after-free vulnerability in Adobe Reader and Acrobat before 11↗2022-05-17

▶

CVEList

CVE-2016-6952: Use-after-free vulnerability in Adobe Reader and Acrobat before 11↗2016-10-13

▶