CVE-2016-1111

Name of the Vulnerable Software and Affected Versions Adobe Reader versions prior to 11.0.14 Adobe Acrobat and Acrobat Reader DC Classic versions prior to 15.006.30119 Adobe Acrobat and Acrobat Reader DC Continuous versions prior to 15.010.20056

Description A double free vulnerability in Adobe Reader and Acrobat allows attackers to execute arbitrary code via a crafted Graphics State dictionary. This issue can be exploited by a remote attacker to execute code. The vulnerability is related to the repeated freeing of memory, which can be triggered by a specially formed Graphics State dictionary.

Recommendations For Adobe Reader versions prior to 11.0.14, update to version 11.0.14 or later. For Adobe Acrobat and Acrobat Reader DC Classic versions prior to 15.006.30119, update to version 15.006.30119 or later. For Adobe Acrobat and Acrobat Reader DC Continuous versions prior to 15.010.20056, update to version 15.010.20056 or later. As a temporary workaround, consider restricting the use of the Graphics State dictionary until a patch is available.