Adobe addresses critical issues in Acrobat, Reader, and DNG SDK

Pierluigi Paganini May 12, 2020

Adobe has released security updates to address 36 vulnerabilities in Adobe Acrobat, Reader, and Adobe DNG Software Development Kit.

The updates for Adobe Acrobat, Reader, and the Adobe DNG Software Development Kit address thirty-six security vulnerabilities in total.

Sixteen vulnerabilities addressed by Adobe have been rated as ‘Critical’ and could be exploited by attackers to execute arbitrary code or to bypass.

“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.” reads the Security Update for Adobe Acrobat and Reader (APSB20-24).

Adobe fixed a total of 24 vulnerabilities in Acrobat and Reader, 12 of them rated as ‘Critical’ severity. The remaining issues, rated as ‘Important’ severity, are denial of service or information disclosure vulnerabilities.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Null Pointer | Application denial-of-service | Important | CVE-2020-9610 |
| Heap Overflow | Arbitrary Code Execution | Critical | CVE-2020-9612 |
| Race Condition | Security feature bypass | Critical | CVE-2020-9615 |
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2020-9597, CVE-2020-9594 |
| Security bypass | Security feature bypass | Critical | CVE-2020-9614, CVE-2020-9613, CVE-2020-9596, CVE-2020-9592 |
| Stack exhaustion | Application denial-of-service | Important | CVE-2020-9611 |
| Out-of-bounds read | Information disclosure | Important | CVE-2020-9609, CVE-2020-9608, CVE-2020-9603, CVE-2020-9602, CVE-2020-9601, CVE-2020-9600, CVE-2020-9599 |
| Buffer error | Arbitrary Code Execution | Critical | CVE-2020-9605, CVE-2020-9604 |
| Use-after-free | Arbitrary Code Execution | Critical | CVE-2020-9607, CVE-2020-9606 |
| Invalid memory access | Information disclosure | Important | CVE-2020-9598, CVE-2020-9595, CVE-2020-9593 |

Adobe addressed twelve vulnerabilities in the Adobe DNG Software Development Kit for Windows and macOS, four of them rated as ‘Critical’ severity while the remaining ones are classified as ‘Important’.

“Adobe has released an update for the Adobe DNG Software Development Kit (SDK) for Windows and macOS. This update resolves multiple critical Heap Overflow and important Out-of-Bounds Read vulnerabilities that could lead to Remote Code Execution and Information Disclosure, respectively.” reads the security update for Software Development Kit (SDK) (APSB20-26).

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Heap Overflow | Arbitrary Code Execution | Critical | CVE-2020-9589, CVE-2020-9590, CVE-2020-9620, CVE-2020-9621 |
| Out-of-Bounds Read | Information Disclosure | Important | CVE-2020-9622, CVE-2020-9623, CVE-2020-9624, CVE-2020-9625, CVE-2020-9626, CVE-2020-9627, CVE-2020-9628, CVE-2020-9629 |

Pierluigi Paganini

(SecurityAffairs – Adobe code execution, hacking)
