Adobe Acrobat Reader vulnerabilities
1,107 known vulnerabilities affecting adobe/acrobat_reader.
Total CVEs
1,107
CISA KEV
21
actively exploited
Public exploits
43
Exploited in wild
25
Severity breakdown
CRITICAL352HIGH412MEDIUM316LOW27
Vulnerabilities
Page 53 of 56
CVE-2009-1858CRITICALCVSS 9.3v7.0v7.0.1+20 more2009-06-11
CVE-2009-1858 [CRITICAL] CWE-399 CVE-2009-1858: The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8
The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
nvd
CVE-2009-1861CRITICALCVSS 9.3v7.0v7.0.1+20 more2009-06-11
CVE-2009-1861 [CRITICAL] CWE-119 CVE-2009-1861: Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 an
Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file with a JPX (aka JPEG2000) stream that triggers heap
nvd
CVE-2009-1855CRITICALCVSS 9.3v7.0v7.0.1+20 more2009-06-11
CVE-2009-1855 [CRITICAL] CWE-119 CVE-2009-1855: Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat
Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block.
nvd
CVE-2009-0888CRITICALCVSS 9.3v7.0v7.0.1+20 more2009-06-11
CVE-2009-0888 [CRITICAL] CVE-2009-0888: Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe R
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0889.
nvd
CVE-2009-0511CRITICALCVSS 9.3v7.0v7.0.1+20 more2009-06-11
CVE-2009-0511 [CRITICAL] CVE-2009-0511: Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe R
Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889.
nvd
CVE-2009-1492CRITICALCVSS 9.3PoC≥ 7.0, ≤ 7.1.1≥ 8.0, ≤ 8.1.4+1 more2009-04-30
CVE-2009-1492 [CRITICAL] CWE-399 CVE-2009-1492: The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and ea
The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments
nvd
CVE-2009-0193CRITICALCVSS 9.3≥ 7.0, < 7.1.1≥ 8.0, < 8.1.4+1 more2009-03-25
CVE-2009-0193 [CRITICAL] CWE-119 CVE-2009-0193: Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1
Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062.
nvd
CVE-2009-1062CRITICALCVSS 9.3≤ 9.0v7.02009-03-25
CVE-2009-1062 [CRITICAL] CVE-2009-1062: Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers t
Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061.
nvd
CVE-2009-0928CRITICALCVSS 10.0≤ 9.0v3.0+50 more2009-03-25
CVE-2009-0928 [CRITICAL] CWE-119 CVE-2009-0928: Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and
Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table.
nvd
CVE-2009-1061CRITICALCVSS 9.3≥ 7.0, < 7.1.1≥ 8.0, < 8.1.4+1 more2009-03-25
CVE-2009-1061 [CRITICAL] CVE-2009-1061: Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 m
Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1062.
nvd
CVE-2009-0927HIGHCVSS 8.8KEVPoC≥ 7.0, < 7.1.1≥ 8.0, < 8.1.3+1 more2009-03-19
CVE-2009-0927 [HIGH] CVE-2009-0927: Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 b
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
nvd
CVE-2009-0658HIGHCVSS 7.8ExploitedPoC≥ 7.0, ≤ 7.1.1≥ 8.0, ≤ 8.1.4+1 more2009-02-20
CVE-2009-0658 [HIGH] CWE-119 CVE-2009-0658: Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attacker
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
nvd
CVE-2008-4814CRITICALCVSS 9.3≤ 8.02008-11-05
CVE-2008-4814 [CRITICAL] CWE-20 CVE-2008-4814: Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and
Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue."
nvd
CVE-2008-4813CRITICALCVSS 9.3≤ 8.02008-11-05
CVE-2008-4813 [CRITICAL] CWE-399 CVE-2008-4813: Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbi
Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a malformed PDF object that triggers memory corruption during parsing.
nvd
CVE-2008-4817CRITICALCVSS 9.3≤ 8.02008-11-05
CVE-2008-4817 [CRITICAL] CWE-20 CVE-2008-4817: The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attack
The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.
nvd
CVE-2008-4812CRITICALCVSS 9.3≤ 8.02008-11-05
CVE-2008-4812 [CRITICAL] CWE-20 CVE-2008-4812: Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2,
Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.
nvd
CVE-2008-4815HIGHCVSS 7.5≤ 8.02008-11-05
CVE-2008-4815 [HIGH] CWE-264 CVE-2008-4815: Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.
nvd
CVE-2008-4816MEDIUMCVSS 4.3≤ 8.02008-11-05
CVE-2008-4816 [MEDIUM] CVE-2008-4816: Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allow
Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors.
nvd
CVE-2008-2992HIGHCVSS 7.8KEVPoC≤ 8.1.22008-11-04
CVE-2008-2992 [HIGH] CVE-2008-2992: Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
nvd
CVE-2008-2641CRITICALCVSS 10.0v3.0v4.0+30 more2008-06-25
CVE-2008-2641 [CRITICAL] CVE-2008-2641: Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allo
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."
nvd