Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Integer overflow in Adobe Acrobat Reader triggers an application crash when processing a specially crafted file, resulting in a denial-of-service condition. Versions 24.001.30365 and 26.001.21651 and earlier are confirmed affected per Adobe advisory APSB26-63. Impact is limited to availability - no confidentiality or integrity compromise is possible - and no public exploit or active exploitation has been identified at time of analysis.
Technical ContextAI
The vulnerability is rooted in CWE-190 (Integer Overflow or Wraparound), a class of defect where arithmetic on integer values exceeds the representable range of the data type, causing unexpected wrap-around or truncation. In a PDF rendering engine such as Acrobat Reader, this commonly occurs during parsing of document structures (e.g., image dimensions, stream lengths, object counts) where attacker-controlled values feed into size calculations. The affected product is identified by CPE cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* across both the 24.x and 26.x release tracks. The CVSS vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H reflects a locally-triggered, file-based attack path with high availability impact confined to the application process scope (S:U).
RemediationAI
The primary remediation is to update Adobe Acrobat Reader to a version beyond 24.001.30365 (24.x track) or beyond 26.001.21651 (26.x track), as addressed in Adobe security bulletin APSB26-63 at https://helpx.adobe.com/security/products/acrobat/apsb26-63.html. The exact patched release version is not independently confirmed beyond what is documented in that advisory - consult APSB26-63 for the specific fixed build numbers. As a compensating control where immediate patching is not feasible, organizations can configure email and web gateways to quarantine or sandbox PDF attachments from untrusted sources, reducing the likelihood that a malicious file reaches a vulnerable endpoint. Disabling Acrobat Reader as the default PDF handler and using an alternative viewer for untrusted documents is another concrete interim measure. These controls reduce exposure but do not eliminate the vulnerability.
More in Acrobat Reader
View allBuffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attacke
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass inten
Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows
Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attacke
Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attacke
Multiple stack-based buffer overflows in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and M
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.
Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attack
Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attack
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X a
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitra
Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X a
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35810
GHSA-6jj6-jjpg-g47g