CVE-2016-0935

Name of the Vulnerable Software and Affected Versions Adobe Reader versions prior to 11.0.14 Adobe Acrobat versions prior to 11.0.14 Adobe Acrobat Document Cloud versions prior to 15.006.30119 Adobe Reader Document Cloud versions prior to 15.006.30119 Adobe Acrobat DC Classic versions prior to 15.006.30119 Adobe Acrobat DC Continuous versions prior to 15.010.20056

Description The issue is related to a double free vulnerability in the handling of PDF files, specifically with the ExtGState dictionary. This vulnerability can be exploited by a remote attacker to execute arbitrary code via a specially crafted dictionary. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Adobe Reader versions prior to 11.0.14, update to version 11.0.14 or later. For Adobe Acrobat versions prior to 11.0.14, update to version 11.0.14 or later. For Adobe Acrobat Document Cloud versions prior to 15.006.30119, update to version 15.006.30119 or later. For Adobe Reader Document Cloud versions prior to 15.006.30119, update to version 15.006.30119 or later. For Adobe Acrobat DC Classic versions prior to 15.006.30119, update to version 15.006.30119 or later. For Adobe Acrobat DC Continuous versions prior to 15.010.20056, update to version 15.010.20056 or later. As a temporary workaround, consider disabling the handling of ExtGState dictionaries until a patch is available.