CVE-2019-7072: Adobe Acrobat Pro DC Font Parsing Use-After-Free Remote Code Execution Vulnerability
First published: Fri May 24 2019(Updated: )
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Pro DC | ||
| Adobe Acrobat Dc | >=15.006.30060<15.006.30475 | |
| Adobe Acrobat Dc | >=15.008.20082<19.010.20091 | |
| Adobe Acrobat Dc | >=17.011.30059<17.011.30120 | |
| Adobe Acrobat Reader DC | >=15.006.30060<15.006.30475 | |
| Adobe Acrobat Reader DC | >=15.008.20082<19.010.20091 | |
| Adobe Acrobat Reader DC | >=17.011.30059<17.011.30120 | |
| Apple Mac OS X | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-7072?
The severity of CVE-2019-7072 is critical with a CVSS score of 8.8.
How can remote attackers exploit CVE-2019-7072?
Remote attackers can exploit CVE-2019-7072 by executing arbitrary code on vulnerable installations of Adobe Acrobat Pro DC, requiring user interaction such as visiting a malicious page or opening a malicious file.
Which software versions are affected by CVE-2019-7072?
CVE-2019-7072 affects Adobe Acrobat Pro DC versions starting from 15.006.30060 to 15.006.30475, 17.011.30059 to 17.011.30120, and 19.x.x.x to 19.010.20091, as well as Adobe Acrobat Reader DC versions in the same version ranges.
Is Apple Mac OS X affected by CVE-2019-7072?
No, Apple Mac OS X is not affected by CVE-2019-7072.
Is Microsoft Windows affected by CVE-2019-7072?
No, Microsoft Windows is not affected by CVE-2019-7072.
- collector/zdi-advisory
- alias/ZDI-19-215
- alias/ZDI-CAN-7710
- alias/CVE-2019-7072
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/title
- agent/weakness
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- agent/trending
- vendor/adobe
- canonical/adobe acrobat pro dc
- canonical/adobe acrobat dc
- version/adobe acrobat dc/15.006.30060
- version/adobe acrobat dc/15.008.20082
- version/adobe acrobat dc/17.011.30059
- canonical/adobe acrobat reader dc
- version/adobe acrobat reader dc/15.006.30060
- version/adobe acrobat reader dc/15.008.20082
- version/adobe acrobat reader dc/17.011.30059
- vendor/apple
- canonical/apple mac os x
- vendor/microsoft
- canonical/microsoft windows