CVE-2020-3802Use After Free in Adobe Acrobat DC

CWE-416Use After FreeCWE-89SQL Injection5 documents5 sources
Severity
8.8HIGHNVD
EPSS
21.8%
top 4.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Adobe Acrobat DCAdobe Acrobat Reader DCAdobe Acrobat AND Reader
Timeline
PublishedMar 25
Latest updateNov 1

Description

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDadobe/acrobat_reader_dc15.006.3006015.006.30518+2
CVEListV5adobe/adobe_acrobat_and_reader, 2020.006.20034 and earlier, 2017.011.30158  and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier versions
NVDadobe/acrobat_dc15.006.3006015.006.30518+2

🔴Vulnerability Details

3
GHSA
IBAX go-ibax vulnerable to SQL injection2022-11-01
GHSA
GHSA-x4v7-c63g-mh6m: Adobe Acrobat and Reader versions 20202022-05-24
CVEList
CVE-2020-3802: Adobe Acrobat and Reader versions 20202020-03-25

💬Community

1
Bugzilla
CVE-2019-3802 spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher2019-07-16
CVE-2020-3802 — Use After Free in Adobe Acrobat DC | cvebase