CVE-2019-8038: Adobe Security Bulletin

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.


Security bulletin for Adobe Acrobat and Reader | APSB19-41

| Bulletin ID | Date Published | Priority |
|---|---|---|
| APSB19-41 | August 13, 2019 | 2 |

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

These updates will address important vulnerabilities in the software. Adobe will be assigning the following priority ratings to these updates:

Adobe recommends users update their software installations to the latest versions by following the instructions below.

The latest product versions are available to end users via one of the following methods:

  • Users can update their product installations manually by choosing Help > Check for Updates.

  • The products will update automatically, without requiring user intervention, when updates are detected.

  • The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.

For IT administrators (managed environments):

  • Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/, or refer to the specific release note version for links to installers.

  • Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-Bounds Read | Information Disclosure | Important | CVE-2019-8077, CVE-2019-8094, CVE-2019-8095, CVE-2019-8096, CVE-2019-8102, CVE-2019-8103, CVE-2019-8104, CVE-2019-8105, CVE-2019-8106, CVE-2019-8002, CVE-2019-8004, CVE-2019-8005, CVE-2019-8007, CVE-2019-8010, CVE-2019-8011, CVE-2019-8012, CVE-2019-8018, CVE-2019-8020, CVE-2019-8021, CVE-2019-8032, CVE-2019-8035, CVE-2019-8037, CVE-2019-8040, CVE-2019-8043, CVE-2019-8052 |
| Out-of-Bounds Write | Arbitrary Code Execution | Important | CVE-2019-8098, CVE-2019-8100, CVE-2019-7965, CVE-2019-8008, CVE-2019-8009, CVE-2019-8016, CVE-2019-8022, CVE-2019-8023, CVE-2019-8027 |
| Command Injection | Arbitrary Code Execution | Important | CVE-2019-8060 |
| Use After Free | Arbitrary Code Execution | Important | CVE-2019-8003, CVE-2019-8013, CVE-2019-8024, CVE-2019-8025, CVE-2019-8026, CVE-2019-8028, CVE-2019-8029, CVE-2019-8030, CVE-2019-8031, CVE-2019-8033, CVE-2019-8034, CVE-2019-8036, CVE-2019-8038, CVE-2019-8039, CVE-2019-8047, CVE-2019-8051, CVE-2019-8053, CVE-2019-8054, CVE-2019-8055, CVE-2019-8056, CVE-2019-8057, CVE-2019-8058, CVE-2019-8059, CVE-2019-8061, CVE-2019-8257 |
| Heap Overflow | Arbitrary Code Execution | Important | CVE-2019-8066, CVE-2019-8014, CVE-2019-8015, CVE-2019-8041, CVE-2019-8042, CVE-2019-8046, CVE-2019-8049, CVE-2019-8050 |
| Buffer Error | Arbitrary Code Execution | Important | CVE-2019-8048 |
| Double Free | Arbitrary Code Execution | Important | CVE-2019-8044 |
| Integer Overflow | Information Disclosure | Important | CVE-2019-8099, CVE-2019-8101 |
| Internal IP Disclosure | Information Disclosure | Important | CVE-2019-8097 |
| Type Confusion | Arbitrary Code Execution | Important | CVE-2019-8019, CVE-2019-8249, CVE-2019-8250 |
| Untrusted Pointer Dereference | Arbitrary Code Execution | Important | CVE-2019-8006, CVE-2019-8017, CVE-2019-8045 |
| Insufficiently Robust Encryption | Security feature bypass | Critical | CVE-2019-8237 |
| Type Confusion | Information Disclosure | Important | CVE-2019-8251, CVE-2019-8252 |

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

  • Dhanesh Kizhakkinan of FireEye Inc. (CVE-2019-8066)
  • Xu Peng and Su Purui from TCA/SKLCS Institute of Software Chinese Academy of Sciences and Codesafe Team of Legendsec at Qi’anxin Group (CVE-2019-8029, CVE-2019-8030, CVE-2019-8031)
  • (A.K.) Karim Zidani, Independent Security Researcher; https://imAK.xyz/ (CVE-2019-8097)
  • Anonymous working with Trend Micro Zero Day Initiative (CVE-2019-8033, CVE-2019-8037)
  • BUGFENSE Anonymous Bug Bounties https://bugfense.io (CVE-2019-8015)
  • Haikuo Xie of Baidu Security Lab working with Trend Micro Zero Day Initiative (CVE-2019-8035, CVE-2019-8257)
  • Wei Lei of STAR Labs (CVE-2019-8009, CVE-2019-8018, CVE-2019-8010, CVE-2019-8011)
  • Li Qi(@leeqwind) & Wang Lei(@CubestoneW) & Liao Bangjie(@b1acktrac3) of Qihoo360 CoreSecurity(@360CoreSec) (CVE-2019-8012)
  • Ke Liu of Tencent Security Xuanwu Lab (CVE-2019-8094, CVE-2019-8095, CVE-2019-8096, CVE-2019-8004, CVE-2019-8005, CVE-2019-8006, CVE-2019-8077, CVE-2019-8003, CVE-2019-8020, CVE-2019-8021, CVE-2019-8022, CVE-2019-8023)
  • Haikuo Xie of Baidu Security Lab (CVE-2019-8032, CVE-2019-8036)
  • ktkitty (https://ktkitty.github.io) working with Trend Micro Zero Day Initiative (CVE-2019-8014)
  • Mat Powell of Trend Micro Zero Day Initiative (CVE-2019-8008, CVE-2019-8051, CVE-2019-8053, CVE-2019-8054, CVE-2019-8056, CVE-2019-8057, CVE-2019-8058, CVE-2019-8059)
  • Mateusz Jurczyk of Google Project Zero (CVE-2019-8041, CVE-2019-8042, CVE-2019-8043, CVE-2019-8044, CVE-2019-8045, CVE-2019-8046, CVE-2019-8047, CVE-2019-8048, CVE-2019-8049, CVE-2019-8050, CVE-2019-8016, CVE-2019-8017)
  • Michael Bourque (CVE-2019-8007)
  • peternguyen working with Trend Micro Zero Day Initiative (CVE-2019-8013, CVE-2019-8034)
  • Simon Zuckerbraun of Trend Micro Zero Day Initiative (CVE-2019-8027)
  • Steven Seeley (mr_me) of Source Incite working with Trend Micro Zero Day Initiative (CVE-2019-8019)
  • Steven Seeley (mr_me) of Source Incite working with iDefense Labs(https://vcp.idefense.com/) (CVE-2019-8098, CVE-2019-8099, CVE-2019-8100, CVE-2019-8101, CVE-2019-8102, CVE-2019-8103, CVE-2019-8104, CVE-2019-8106, CVE-2019-7965, CVE-2019-8105)
  • willJ working with Trend Micro Zero Day Initiative (CVE-2019-8040, CVE-2019-8052)
  • Esteban Ruiz (mr_me) of Source Incite working with iDefense Labs(https://vcp.idefense.com/) (CVE-2019-8002)
  • Bo Qu of Palo Alto Networks and Heige of Knownsec 404 Security Team (CVE-2019-8024, CVE-2019-8061, CVE-2019-8055)
  • Zhaoyan Xu, Hui Gao of Palo Alto Networks (CVE-2019-8026, CVE-2019-8028)
  • Lexuan Sun, Hao Cai of Palo Alto Networks (CVE-2019-8025)
  • Bit of STARLabs working with Trend Micro Zero Day Initiative (CVE-2019-8038, CVE-2019-8039)
  • Zhongcheng Li (CK01) of Topsec Alpha Team (CVE-2019-8060)
  • Jens Müller (CVE-2019-8237)
  • Steven Seeley (mr_me) of Source Incite (CVE-2019-8249, CVE-2019-8250, CVE-2019-8251, CVE-2019-8252)

August 14, 2019: Added acknowledgement for CVE-2019-8016 & CVE-2019-8017.

August 22, 2019: Updated CVE ID from CVE-2019-7832 to CVE-2019-8066.

September 26, 2019: Added acknowledgement for CVE-2019-8060.

October 23, 2019: Included details about CVE-2019-8237.

November 19, 2019: Included details about CVE-2019-8249, CVE-2019-8250, CVE-2019-8251, CVE-2019-8252.

December 10, 2019: Included details about CVE-2019-8257.
