CVE-2018-16002
First published: Fri Jan 18 2019(Updated: )
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | >=15.006.30060<=15.006.30457 | |
| Adobe Acrobat Reader | >=15.008.20082<=19.008.20081 | |
| Adobe Acrobat Reader | >=17.011.30056<=17.011.30106 | |
| Adobe Acrobat Reader Notification Manager | >=15.006.30060<=15.006.30457 | |
| Adobe Acrobat Reader Notification Manager | >=15.008.20082<=19.008.20081 | |
| Adobe Acrobat Reader Notification Manager | >=17.011.30059<=17.011.30106 | |
| Microsoft Windows | ||
| Adobe Acrobat Reader | >=15.006.30060<=15.006.30456 | |
| Adobe Acrobat Reader | >=15.008.20082<=19.008.20080 | |
| Adobe Acrobat Reader | >=17.011.30056<=17.011.30105 | |
| Adobe Acrobat Reader Notification Manager | >=15.006.30060<=15.006.30456 | |
| Adobe Acrobat Reader Notification Manager | >=15.008.20082<=19.008.20080 | |
| Adobe Acrobat Reader Notification Manager | >=17.011.30059<=17.011.30105 | |
| Apple iOS and macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-16002?
CVE-2018-16002 is classified as a critical vulnerability due to its potential for exploitation leading to unauthorized access and data exposure.
What types of software are affected by CVE-2018-16002?
CVE-2018-16002 affects multiple versions of Adobe Acrobat and Adobe Reader, including AC versions 2015, 2017, and 2019.
How do I fix CVE-2018-16002?
To fix CVE-2018-16002, users should update their Adobe Acrobat or Reader software to the latest version provided by Adobe.
Is it possible to exploit CVE-2018-16002 remotely?
Yes, CVE-2018-16002 can potentially be exploited remotely if an attacker successfully delivers a malicious PDF.
What are the potential impacts of CVE-2018-16002?
The exploitation of CVE-2018-16002 can lead to an out-of-bounds read, which may result in arbitrary code execution and data leakage.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/remedy
- agent/author
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/15.006.30060
- version/adobe acrobat reader/15.006.30457
- version/adobe acrobat reader/15.008.20082
- version/adobe acrobat reader/19.008.20081
- version/adobe acrobat reader/17.011.30056
- version/adobe acrobat reader/17.011.30106
- canonical/adobe acrobat reader notification manager
- version/adobe acrobat reader notification manager/15.006.30060
- version/adobe acrobat reader notification manager/15.006.30457
- version/adobe acrobat reader notification manager/15.008.20082
- version/adobe acrobat reader notification manager/19.008.20081
- version/adobe acrobat reader notification manager/17.011.30059
- version/adobe acrobat reader notification manager/17.011.30106
- vendor/microsoft
- canonical/microsoft windows
- version/adobe acrobat reader/15.006.30456
- version/adobe acrobat reader/19.008.20080
- version/adobe acrobat reader/17.011.30105
- version/adobe acrobat reader notification manager/15.006.30456
- version/adobe acrobat reader notification manager/19.008.20080
- version/adobe acrobat reader notification manager/17.011.30105
- vendor/apple
- canonical/apple ios and macos