CVE-2019-8014

HIGH

Adobe Acrobat and Reader DC < 19.012.20036 - Heap Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-8014. PoCs published by f01965.

AI-analyzed exploit summary This repository contains a Python script to generate a malicious BMP file exploiting CVE-2019-8014, a vulnerability in the Windows BMP parser. The crafted BMP file manipulates heap memory to achieve arbitrary code execution, likely popping a calculator or CMD window as mentioned in the README.

Description

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Exploits (1)

nomisec WORKING POC
by f01965 · poc
https://github.com/f01965/CVE-2019-8014

This repository contains a Python script to generate a malicious BMP file exploiting CVE-2019-8014, a vulnerability in the Windows BMP parser. The crafted BMP file manipulates heap memory to achieve arbitrary code execution, likely popping a calculator or CMD window as mentioned in the README.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Windows BMP parser (specific version not specified)
No auth needed
Prerequisites: Ability to deliver the malicious BMP file to the target system · Target system must process the BMP file with a vulnerable parser
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/acrobat/apsb19-41.html

Scores

CVSS v3 8.8
EPSS 0.0875
EPSS Percentile 94.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (4)
adobe/acrobat_dc 15.006.30060 - 15.006.30499
adobe/acrobat_dc 15.008.20082 - 19.012.20036
adobe/acrobat_reader_dc 15.006.30060 - 15.006.30499
adobe/acrobat_reader_dc 15.008.20082 - 19.012.20036
Published Aug 20, 2019
Tracked Since Feb 18, 2026