High severity8.8NVD Advisory· Published Jan 14, 2016· Updated May 6, 2026

CVE-2016-0935

Description

Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted ExtGState dictionary.

Affected products

Adobe Inc./Acrobat14 versions
cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*range: <=11.0.13
- cpe:2.3:a:adobe:acrobat:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:11.0.9:*:*:*:*:*:*:*
Adobe Inc./Acrobat Dc2 versions
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*+ 1 more
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*range: <=15.006.30097
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*range: <=15.009.20077
Adobe Inc./Acrobat Reader14 versions
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*range: <=11.0.13
- cpe:2.3:a:adobe:acrobat_reader:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:11.0.9:*:*:*:*:*:*:*
Adobe Inc./Acrobat Reader Dc2 versions
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*+ 1 more
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*range: <=15.006.30097
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*range: <=15.009.20077

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/acrobat/apsb16-02.htmlnvdPatchVendor Advisory
www.securitytracker.com/id/1034646nvdThird Party AdvisoryVDB Entry
zerodayinitiative.com/advisories/ZDI-16-017nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000