CVE-2018-16042

MEDIUM

Adobe Acrobat DC < 15.006.30457 - Signature Verification Bypass

Title source: rule

Description

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to information disclosure.

References (5)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106159

[Patch, Vendor Advisory] https://helpx.adobe.com/security/products/acrobat/apsb18-41.html

[Third Party Advisory] https://pdf-insecurity.org/signature/evaluation_2018.html

[Third Party Advisory] https://pdf-insecurity.org/signature/signature.html

[Third Party Advisory] https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities/

Scores

CVSS v3 6.5

EPSS 0.0464

EPSS Percentile 89.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Classification

CWE

CWE-347

Status published

Affected Products (13)

adobe/acrobat_dc < 15.006.30457

adobe/acrobat_dc < 19.008.20081

adobe/acrobat_reader_dc < 15.006.30457

adobe/acrobat_reader_dc < 19.008.20081

adobe/reader

adobe/reader

iskysoft/pdf_editor_6

iskysoft/pdfelement6

iskysoft/pdfelement6

iskysoft/pdf_editor_6

iskysoft/pdf_editor_6

iskysoft/pdfelement6

iskysoft/pdfelement6

Timeline

Published Jan 18, 2019

Tracked Since Feb 18, 2026