CVE-2016-1111

Published: Apr 30, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted Graphics State dictionary.

Affected (6)

Products: Adobe: Acrobat, Acrobat Dc, Acrobat Reader, Acrobat Reader Dc

4 products

Configuration A

6 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Acrobat	Up to 11.0.13
Adobe Acrobat Dc	Up to 15.006.30097
Adobe Acrobat Dc	Up to 15.009.20077
Adobe Acrobat Reader	Up to 9.0
Adobe Acrobat Reader Dc	Up to 15.006.30097
Adobe Acrobat Reader Dc	Up to 15.009.20077

Running on/with	Platform Versions
Apple Mac Os X	All versions
Microsoft Windows	All versions

References (4)

http://www.zerodayinitiative.com/advisories/ZDI-16-273/

Source: psirt@adobe.com

Third Party AdvisoryVDB Entry

https://helpx.adobe.com/security/products/acrobat/apsb16-02.html

Source: psirt@adobe.com

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-16-273/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://helpx.adobe.com/security/products/acrobat/apsb16-02.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.