CVE-2018-16042
MEDIUMAdobe Acrobat and Reader DC < 15.006.30457, 15.008.20082-19.008.20081 - Cryptographic Signature Verification Bypass
Title source: llmDescription
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to information disclosure.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106159
Patch, Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
Third Party Advisory x_refsource_misc
https://pdf-insecurity.org/signature/evaluation_2018.html
Third Party Advisory x_refsource_misc
https://pdf-insecurity.org/signature/signature.html
Third Party Advisory x_refsource_misc
https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/
Scores
CVSS v3
6.5
EPSS
0.8243
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-347
Status
published
Products (13)
adobe/acrobat_dc
15.006.30060 - 15.006.30457
adobe/acrobat_dc
15.008.20082 - 19.008.20081
adobe/acrobat_reader_dc
15.006.30060 - 15.006.30457
adobe/acrobat_reader_dc
15.008.20082 - 19.008.20081
adobe/reader
11.0.10
adobe/reader
11.0.23
iskysoft/pdf_editor_6
6.4.2.3521
iskysoft/pdf_editor_6
6.6.2.3315
iskysoft/pdf_editor_6
6.7.6.3399
iskysoft/pdfelement6
6.8.0.3523
... and 3 more
Published
Jan 18, 2019
Tracked Since
Feb 18, 2026