CyberSec.Space Logo
Back to CVE Browser

CVE-2020-9715

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score38.4830%
EPSS Percentile95.47th
PublishedAug 19, 2020
Last ModifiedApr 14, 2026

Vulnerability Description

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

Affected Platforms (CPE)

πŸ“¦
Adobe

Acrobat Dc

>= 15.006.30060 and <= 15.006.30523
πŸ“¦
Adobe

Acrobat Dc

>= 15.008.20082 and <= 20.009.20074
πŸ“¦
Adobe

Acrobat Dc

>= 17.011.30059 and <= 17.011.30171
πŸ“¦
Adobe

Acrobat Dc

= 20.001.30002
πŸ“¦
Adobe

Acrobat Reader Dc

>= 15.006.30060 and <= 15.006.30523
πŸ“¦
Adobe

Acrobat Reader Dc

>= 15.008.20082 and <= 20.009.20074
πŸ“¦
Adobe

Acrobat Reader Dc

>= 17.011.30059 and <= 17.011.30171
πŸ“¦
Adobe

Acrobat Reader Dc

= 20.001.30002

References & Advisories

πŸ”— https://blog.exodusintel.com/2021/04/20/analysis-of-a-use-after-free-vulnerability-in-adobe-acrobat-reader-dc/
πŸ”— https://helpx.adobe.com/security/products/acrobat/apsb20-48.html
πŸ”— https://www.zerodayinitiative.com/advisories/ZDI-20-991/
πŸ”— https://blog.exodusintel.com/2021/04/20/analysis-of-a-use-after-free-vulnerability-in-adobe-acrobat-reader-dc/
πŸ”— https://helpx.adobe.com/security/products/acrobat/apsb20-48.html
πŸ”— https://www.zerodayinitiative.com/advisories/ZDI-20-991/
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9715

Related Vulnerabilities

CVE-2004-063110.0

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions...

CVE-2004-115210.0

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary c...

CVE-2004-063010.0

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those bef...

CVE-2004-115310.0

Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (appl...