CVE-2018-16022
First published: Fri Jan 18 2019(Updated: )
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader DC | >=15.006.30060<=15.006.30457 | |
| Adobe Acrobat Reader DC | >=15.008.20082<=19.008.20081 | |
| Adobe Acrobat Reader DC | >=17.011.30056<=17.011.30106 | |
| Adobe Acrobat Reader | >=15.006.30060<=15.006.30457 | |
| Adobe Acrobat Reader | >=15.008.20082<=19.008.20081 | |
| Adobe Acrobat Reader | >=17.011.30059<=17.011.30106 | |
| Microsoft Windows Operating System | ||
| Adobe Acrobat Reader DC | >=15.006.30060<=15.006.30456 | |
| Adobe Acrobat Reader DC | >=15.008.20082<=19.008.20080 | |
| Adobe Acrobat Reader DC | >=17.011.30056<=17.011.30105 | |
| Adobe Acrobat Reader | >=15.006.30060<=15.006.30456 | |
| Adobe Acrobat Reader | >=15.008.20082<=19.008.20080 | |
| Adobe Acrobat Reader | >=17.011.30059<=17.011.30105 | |
| Apple iOS and macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-16022?
The severity of CVE-2018-16022 is reported as critical due to the potential for out-of-bounds reads leading to memory corruption and possible code execution.
How do I fix CVE-2018-16022?
To fix CVE-2018-16022, upgrade to the latest version of Adobe Acrobat or Adobe Reader that addresses this vulnerability.
Which versions of Adobe software are affected by CVE-2018-16022?
CVE-2018-16022 affects Adobe Acrobat and Reader versions 2015.006.30457 and earlier, 2017.011.30106 and earlier, and 2019.008.20081 and earlier.
What types of systems are vulnerable to CVE-2018-16022?
CVE-2018-16022 primarily affects systems running vulnerable versions of Adobe Acrobat and Reader across multiple operating systems including Windows and macOS.
Can CVE-2018-16022 be exploited remotely?
Yes, CVE-2018-16022 can potentially be exploited remotely through malicious PDFs, leading to unauthorized access and control of the affected system.
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/remedy
- agent/author
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader dc
- version/adobe acrobat reader dc/15.006.30060
- version/adobe acrobat reader dc/15.006.30457
- version/adobe acrobat reader dc/15.008.20082
- version/adobe acrobat reader dc/19.008.20081
- version/adobe acrobat reader dc/17.011.30056
- version/adobe acrobat reader dc/17.011.30106
- canonical/adobe acrobat reader
- version/adobe acrobat reader/15.006.30060
- version/adobe acrobat reader/15.006.30457
- version/adobe acrobat reader/15.008.20082
- version/adobe acrobat reader/19.008.20081
- version/adobe acrobat reader/17.011.30059
- version/adobe acrobat reader/17.011.30106
- vendor/microsoft
- canonical/microsoft windows operating system
- version/adobe acrobat reader dc/15.006.30456
- version/adobe acrobat reader dc/19.008.20080
- version/adobe acrobat reader dc/17.011.30105
- version/adobe acrobat reader/15.006.30456
- version/adobe acrobat reader/19.008.20080
- version/adobe acrobat reader/17.011.30105
- vendor/apple
- canonical/apple ios and macos