CVE-2018-15996
First published: Fri Jan 18 2019(Updated: )
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | >=15.006.30060<=15.006.30457 | |
| Adobe Acrobat Reader | >=15.008.20082<=19.008.20081 | |
| Adobe Acrobat Reader | >=17.011.30056<=17.011.30106 | |
| Adobe Acrobat Reader Notification Manager | >=15.006.30060<=15.006.30457 | |
| Adobe Acrobat Reader Notification Manager | >=15.008.20082<=19.008.20081 | |
| Adobe Acrobat Reader Notification Manager | >=17.011.30059<=17.011.30106 | |
| Microsoft Windows | ||
| Adobe Acrobat Reader | >=15.006.30060<=15.006.30456 | |
| Adobe Acrobat Reader | >=15.008.20082<=19.008.20080 | |
| Adobe Acrobat Reader | >=17.011.30056<=17.011.30105 | |
| Adobe Acrobat Reader Notification Manager | >=15.006.30060<=15.006.30456 | |
| Adobe Acrobat Reader Notification Manager | >=15.008.20082<=19.008.20080 | |
| Adobe Acrobat Reader Notification Manager | >=17.011.30059<=17.011.30105 | |
| Apple iOS and macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-15996?
CVE-2018-15996 has a critical severity rating due to its potential to allow arbitrary code execution through an out-of-bounds read.
How do I fix CVE-2018-15996?
To fix CVE-2018-15996, update Adobe Acrobat and Reader to the latest version as specified in the security advisory.
Which versions of Adobe software are affected by CVE-2018-15996?
Adobe Acrobat and Reader versions 2019.008.20081 and earlier as well as 2017 and 2015 versions listed in the advisory are affected by CVE-2018-15996.
What types of attacks can exploit CVE-2018-15996?
CVE-2018-15996 can be exploited through specially crafted PDF files that may lead to memory corruption and execution of arbitrary code.
Are earlier versions of Adobe Acrobat still vulnerable to CVE-2018-15996?
Yes, earlier versions of Adobe Acrobat prior to the updates addressing CVE-2018-15996 remain vulnerable.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/remedy
- agent/author
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/15.006.30060
- version/adobe acrobat reader/15.006.30457
- version/adobe acrobat reader/15.008.20082
- version/adobe acrobat reader/19.008.20081
- version/adobe acrobat reader/17.011.30056
- version/adobe acrobat reader/17.011.30106
- canonical/adobe acrobat reader notification manager
- version/adobe acrobat reader notification manager/15.006.30060
- version/adobe acrobat reader notification manager/15.006.30457
- version/adobe acrobat reader notification manager/15.008.20082
- version/adobe acrobat reader notification manager/19.008.20081
- version/adobe acrobat reader notification manager/17.011.30059
- version/adobe acrobat reader notification manager/17.011.30106
- vendor/microsoft
- canonical/microsoft windows
- version/adobe acrobat reader/15.006.30456
- version/adobe acrobat reader/19.008.20080
- version/adobe acrobat reader/17.011.30105
- version/adobe acrobat reader notification manager/15.006.30456
- version/adobe acrobat reader notification manager/19.008.20080
- version/adobe acrobat reader notification manager/17.011.30105
- vendor/apple
- canonical/apple ios and macos