SB2019081315 - Multiple vulnerabilities in Adobe Reader and Acrobat
Published: August 13, 2019 Updated: August 15, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 76 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2019-8077)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
2) Out-of-bounds read (CVE-ID: CVE-2019-8094)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
3) Out-of-bounds read (CVE-ID: CVE-2019-8095)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
4) Out-of-bounds read (CVE-ID: CVE-2019-8096)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
5) Out-of-bounds read (CVE-ID: CVE-2019-8102)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
6) Out-of-bounds read (CVE-ID: CVE-2019-8103)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
7) Out-of-bounds read (CVE-ID: CVE-2019-8104)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
8) Out-of-bounds read (CVE-ID: CVE-2019-8105)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
9) Out-of-bounds read (CVE-ID: CVE-2019-8106)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
10) Out-of-bounds read (CVE-ID: CVE-2019-8002)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
11) Out-of-bounds read (CVE-ID: CVE-2019-8004)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
12) Out-of-bounds read (CVE-ID: CVE-2019-8005)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
13) Out-of-bounds read (CVE-ID: CVE-2019-8007)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
14) Out-of-bounds read (CVE-ID: CVE-2019-8010)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
15) Out-of-bounds read (CVE-ID: CVE-2019-8011)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
16) Out-of-bounds read (CVE-ID: CVE-2019-8012)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
17) Out-of-bounds read (CVE-ID: CVE-2019-8018)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
18) Out-of-bounds read (CVE-ID: CVE-2019-8020)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
19) Out-of-bounds read (CVE-ID: CVE-2019-8021)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
20) Out-of-bounds read (CVE-ID: CVE-2019-8032)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
21) Out-of-bounds read (CVE-ID: CVE-2019-8035)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the parsing of XFA forms. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
22) Out-of-bounds read (CVE-ID: CVE-2019-8037)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the parsing of Unicode characters in the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
23) Out-of-bounds read (CVE-ID: CVE-2019-8040)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the parsing of JPEG files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
24) Out-of-bounds read (CVE-ID: CVE-2019-8043)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
25) Out-of-bounds read (CVE-ID: CVE-2019-8052)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the parsing of JPEG files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
26) Out-of-bounds write (CVE-ID: CVE-2019-8098)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
27) Out-of-bounds write (CVE-ID: CVE-2019-8100)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
28) Out-of-bounds write (CVE-ID: CVE-2019-7965)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
29) Out-of-bounds write (CVE-ID: CVE-2019-8008)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the parsing of PostScript files. A remote attacker can create a specially crafted PostScript file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
30) Out-of-bounds write (CVE-ID: CVE-2019-8009)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
31) Out-of-bounds write (CVE-ID: CVE-2019-8016)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
32) Out-of-bounds write (CVE-ID: CVE-2019-8022)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
33) Out-of-bounds write (CVE-ID: CVE-2019-8023)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
34) Out-of-bounds write (CVE-ID: CVE-2019-8027)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the implementation of the Copy menu command in Protected View. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
35) Code injection (CVE-ID: CVE-2019-8060)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a improper input validation when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software and execute arbitrary code on the target system.
36) Use-after-free (CVE-ID: CVE-2019-8003)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
37) Use-after-free (CVE-ID: CVE-2019-8013)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the handling of XFA forms. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
38) Use-after-free (CVE-ID: CVE-2019-8024)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
39) Use-after-free (CVE-ID: CVE-2019-8025)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
40) Use-after-free (CVE-ID: CVE-2019-8026)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
41) Use-after-free (CVE-ID: CVE-2019-8028)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
42) Use-after-free (CVE-ID: CVE-2019-8029)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
43) Use-after-free (CVE-ID: CVE-2019-8030)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
44) Use-after-free (CVE-ID: CVE-2019-8031)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
45) Use-after-free (CVE-ID: CVE-2019-8033)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the AcroForm setFocus method. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
46) Use-after-free (CVE-ID: CVE-2019-8034)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the handling of the ready event within XFA forms. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
47) Use-after-free (CVE-ID: CVE-2019-8036)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
48) Use-after-free (CVE-ID: CVE-2019-8038)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the handling of Field objects within the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
49) Use-after-free (CVE-ID: CVE-2019-8039)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the handling of the value property of Field objects within the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
50) Use-after-free (CVE-ID: CVE-2019-8047)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
51) Use-after-free (CVE-ID: CVE-2019-8051)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the handling of the userName property of Field objects in the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
52) Use-after-free (CVE-ID: CVE-2019-8053)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the handling of the submitName property of Field objects in the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
53) Use-after-free (CVE-ID: CVE-2019-8054)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the handling of the rect property of Field objects in the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
54) Use-after-free (CVE-ID: CVE-2019-8055)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
55) Use-after-free (CVE-ID: CVE-2019-8056)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the handling of the strokeColor property of Field objects in the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
56) Use-after-free (CVE-ID: CVE-2019-8057)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the handling of the textSize property of Field objects in the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
57) Use-after-free (CVE-ID: CVE-2019-8058)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the handling of the fillColor property of Field objects in the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
58) Use-after-free (CVE-ID: CVE-2019-8059)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the handling of the lineWidth property of Field objects in the AcroForm plugin. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
59) Use-after-free (CVE-ID: CVE-2019-8061)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger use-after-free error and execute arbitrary code on the target system.
60) Heap-based buffer overflow (CVE-ID: N/A)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger heap-based buffer overflow and execute arbitrary code on the target system.
61) Heap-based buffer overflow (CVE-ID: CVE-2019-8014)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the parsing of run length encoding in BMP images. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger heap-based buffer overflow and execute arbitrary code on the target system.
62) Heap-based buffer overflow (CVE-ID: CVE-2019-8015)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger heap-based buffer overflow and execute arbitrary code on the target system.
63) Heap-based buffer overflow (CVE-ID: CVE-2019-8041)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger heap-based buffer overflow and execute arbitrary code on the target system.
64) Heap-based buffer overflow (CVE-ID: CVE-2019-8042)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger heap-based buffer overflow and execute arbitrary code on the target system.
65) Heap-based buffer overflow (CVE-ID: CVE-2019-8046)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger heap-based buffer overflow and execute arbitrary code on the target system.
66) Heap-based buffer overflow (CVE-ID: CVE-2019-8049)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger heap-based buffer overflow and execute arbitrary code on the target system.
67) Heap-based buffer overflow (CVE-ID: CVE-2019-8050)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger heap-based buffer overflow and execute arbitrary code on the target system.
68) Memory corruption (CVE-ID: CVE-2019-8048)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger memory corruption and execute arbitrary code on the target system.
69) Double free (CVE-ID: CVE-2019-8044)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger double free error and execute arbitrary code on the target system.
70) Integer overflow (CVE-ID: CVE-2019-8099)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to integer overflow when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger integer overflow and gain access to sensitive information.
71) Integer overflow (CVE-ID: CVE-2019-8101)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to integer overflow when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger integer overflow and gain access to sensitive information.
72) Information disclosure (CVE-ID: CVE-2019-8097)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software includes local IP address of the user into PDF files. A remote attacker can obtain local IP address of the user.
73) Type confusion (CVE-ID: CVE-2019-8019)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a type confusion error within the processing of the executive command in PostScript. A remote attacker can create a specially crafted PostScript file, trick the victim into opening it and execute arbitrary code on the target system.
74) Untrusted pointer dereference (CVE-ID: CVE-2019-8006)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to untrusted pointer dereference error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the target system.
75) Untrusted pointer dereference (CVE-ID: CVE-2019-8017)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to untrusted pointer dereference error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the target system.
76) Untrusted pointer dereference (CVE-ID: CVE-2019-8045)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to untrusted pointer dereference error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.
References
- https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
- https://www.zerodayinitiative.com/advisories/ZDI-19-748/
- https://www.zerodayinitiative.com/advisories/ZDI-19-749/
- https://www.zerodayinitiative.com/advisories/ZDI-19-752/
- https://www.zerodayinitiative.com/advisories/ZDI-19-753/
- https://www.zerodayinitiative.com/advisories/ZDI-19-724/
- https://www.zerodayinitiative.com/advisories/ZDI-19-745/
- https://www.zerodayinitiative.com/advisories/ZDI-19-726/
- https://www.zerodayinitiative.com/advisories/ZDI-19-747/
- https://www.zerodayinitiative.com/advisories/ZDI-19-746/
- https://www.zerodayinitiative.com/advisories/ZDI-19-750/
- https://www.zerodayinitiative.com/advisories/ZDI-19-751/
- https://www.zerodayinitiative.com/advisories/ZDI-19-754/
- https://www.zerodayinitiative.com/advisories/ZDI-19-756/
- https://www.zerodayinitiative.com/advisories/ZDI-19-755/
- https://www.zerodayinitiative.com/advisories/ZDI-19-758/
- https://www.zerodayinitiative.com/advisories/ZDI-19-759/
- https://www.zerodayinitiative.com/advisories/ZDI-19-760/
- https://www.zerodayinitiative.com/advisories/ZDI-19-757/
- https://www.zerodayinitiative.com/advisories/ZDI-19-725/
- https://www.zerodayinitiative.com/advisories/ZDI-19-744/