Skip to main content

Acrobat Reader CVE-2026-47925

| EUVDEUVD-2026-35810 MEDIUM
Integer Overflow or Wraparound (CWE-190)
2026-06-09 adobe GHSA-6jj6-jjpg-g47g
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 09, 2026 - 20:54 vuln.today

DescriptionNVD

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AnalysisAI

Integer overflow in Adobe Acrobat Reader triggers an application crash when processing a specially crafted file, resulting in a denial-of-service condition. Versions 24.001.30365 and 26.001.21651 and earlier are confirmed affected per Adobe advisory APSB26-63. Impact is limited to availability - no confidentiality or integrity compromise is possible - and no public exploit or active exploitation has been identified at time of analysis.

Technical ContextAI

The vulnerability is rooted in CWE-190 (Integer Overflow or Wraparound), a class of defect where arithmetic on integer values exceeds the representable range of the data type, causing unexpected wrap-around or truncation. In a PDF rendering engine such as Acrobat Reader, this commonly occurs during parsing of document structures (e.g., image dimensions, stream lengths, object counts) where attacker-controlled values feed into size calculations. The affected product is identified by CPE cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* across both the 24.x and 26.x release tracks. The CVSS vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H reflects a locally-triggered, file-based attack path with high availability impact confined to the application process scope (S:U).

RemediationAI

The primary remediation is to update Adobe Acrobat Reader to a version beyond 24.001.30365 (24.x track) or beyond 26.001.21651 (26.x track), as addressed in Adobe security bulletin APSB26-63 at https://helpx.adobe.com/security/products/acrobat/apsb26-63.html. The exact patched release version is not independently confirmed beyond what is documented in that advisory - consult APSB26-63 for the specific fixed build numbers. As a compensating control where immediate patching is not feasible, organizations can configure email and web gateways to quarantine or sandbox PDF attachments from untrusted sources, reducing the likelihood that a malicious file reaches a vulnerable endpoint. Disabling Acrobat Reader as the default PDF handler and using an alternative viewer for untrusted documents is another concrete interim measure. These controls reduce exposure but do not eliminate the vulnerability.

CVE-2013-2730 CRITICAL POC
10.0 May 16

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attacke

CVE-2015-3073 CRITICAL POC
10.0 May 13

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass inten

CVE-2014-9160 CRITICAL
10.0 May 13

Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows

CVE-2013-3356 CRITICAL
10.0 Sep 12

Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attacke

CVE-2013-3353 CRITICAL
10.0 Sep 12

Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attacke

CVE-2013-3351 CRITICAL
10.0 Sep 12

Multiple stack-based buffer overflows in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and M

CVE-2015-7622 CRITICAL POC
10.0 Oct 14

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.

CVE-2013-3358 CRITICAL
10.0 Sep 12

Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attack

CVE-2013-3357 CRITICAL
10.0 Sep 12

Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attack

CVE-2014-0561 CRITICAL
10.0 Sep 17

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X a

CVE-2012-0774 CRITICAL
10.0 Apr 10

Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitra

CVE-2012-1525 CRITICAL
10.0 Aug 15

Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X a

Share

CVE-2026-47925 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy