Red Hat Bugzilla – Bug 962931
acroread: multiple code execution flaws (APSB13-15)
Last modified: 2015-11-24 10:32:43 EST
Adobe security bulletin APSB13-15 describes multiple security flaws that could cause Adobe Acrobat Reader to crash and potentially allow an attacker to take control of the affected system:
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341).
These updates resolve an integer underflow vulnerability that could lead to code execution (CVE-2013-2549).
These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2013-2724).
These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2013-2730, CVE-2013-2733).
These updates resolve integer overflow vulnerabilities that could lead to code execution (CVE-2013-2727, CVE-2013-2729).
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2013:0826 https://rhn.redhat.com/errata/RHSA-2013-0826.html
The bulletin was revised with this note:
August 8, 2013: Added a memory corruption vulnerability (CVE-2013-3346) that was accidentally omitted from the bulletin when originally published.