Adobe fixes critical vulnerabilities in Acrobat, Reader, and DNG SDK
Adobe has released security updates for Adobe Acrobat, Reader, and Adobe DNG Software Development Kit that resolve a combined total of thirty-six security vulnerabilities in the three products.
Of the thirty-six vulnerabilities, sixteen are classified as 'Critical' as they allow code execution or the bypassing of security features.
If you use either of these products, it is strongly suggested that you upgrade to the latest versions as soon as possible.
Security Update available for Adobe Acrobat and Reader | APSB20-24
Adobe has released security updates for Acrobat and Reader that resolve a total of twenty-four vulnerabilities.
Of these vulnerabilities, twelve are classified as 'Critical' as they allow code execution or the bypassing of security features. The rest are denial of service or information disclosure vulnerabilities and are classified as 'Important'.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Null Pointer | Application denial-of-service | Important |
CVE-2020-9610 |
| Heap Overflow | Arbitrary Code Execution | Critical | CVE-2020-9612 |
| Race Condition | Security feature bypass | Critical | CVE-2020-9615 |
| Out-of-bounds write | Arbitrary Code Execution | Critical |
CVE-2020-9597 CVE-2020-9594 |
| Security bypass | Security feature bypass | Critical |
CVE-2020-9614 CVE-2020-9613 CVE-2020-9596 CVE-2020-9592 |
| Stack exhaustion | Application denial-of-service | Important | CVE-2020-9611 |
| Out-of-bounds read | Information disclosure | Important |
CVE-2020-9609 CVE-2020-9608 CVE-2020-9603 CVE-2020-9602 CVE-2020-9601 CVE-2020-9600 CVE-2020-9599 |
| Buffer error | Arbitrary Code Execution | Critical |
CVE-2020-9605 CVE-2020-9604 |
| Use-after-free | Arbitrary Code Execution | Critical |
CVE-2020-9607 CVE-2020-9606 |
| Invalid memory access | Information disclosure | Important |
CVE-2020-9598 CVE-2020-9595 CVE-2020-9593 |
Users should install the latest versions of Adobe Acrobat and Adobe Reader to resolve these vulnerabilities.
Security update available for Adobe DNG Software Development Kit (SDK) | APSB20-26
This update fixes twelve vulnerabilities in the Adobe DNG Software Development Kit that resolve critical code executable vulnerabilities.
Of the twelve vulnerabilities fixed in this update, four of them classified as 'Critical' with the rest being classified as 'Important'.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Heap Overflow | Arbitrary Code Execution | Critical |
CVE-2020-9589 CVE-2020-9590 CVE-2020-9620 CVE-2020-9621 |
| Out-of-Bounds Read | Information Disclosure | Important |
CVE-2020-9622 CVE-2020-9623 CVE-2020-9624 CVE-2020-9625 CVE-2020-9626 CVE-2020-9627 CVE-2020-9628 CVE-2020-9629 |
Users should install Adobe DNG Software Development Kit (SDK) 1.5.1 to resolve these vulnerabilities.
Gloss