CVE-2026-47925: Acrobat Reader Integer Overflow Denial-of-Service Vulnerability
Adobe Acrobat Reader contains an integer overflow flaw that crashes the application when a user opens a specially crafted file. While this is a denial-of-service issue rather than a data breach or code execution vulnerability, it can disrupt business workflows. The flaw affects Acrobat Reader DC versions 24.001.30365, 26.001.21651 and earlier across Windows and macOS. An attacker must trick a user into opening a malicious PDF or document to trigger the crash.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 5.5 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
- Weaknesses (CWE)
- CWE-190
- Affected products
- 5 configuration(s)
- Published / Modified
- 2026-06-09 / 2026-06-17
NVD description (verbatim)
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
1 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-47925 is an integer overflow or wraparound vulnerability (CWE-190) in Adobe Acrobat Reader. When processing a specially constructed file, integer arithmetic in the application exceeds its maximum representable value, causing memory corruption or application termination. The vulnerability requires local access and user interaction; it cannot be remotely triggered without the victim first opening an attacker-controlled document. The CVSS 3.1 score of 5.5 reflects high availability impact (crash) with no confidentiality or integrity compromise.
Business impact
Denial-of-service attacks leveraging this flaw could disrupt knowledge workers who depend on Acrobat Reader for document review and collaboration. While data exposure is not a concern, repeated crashes may degrade productivity, increase support tickets, and strain systems in organizations with high PDF processing volume. The requirement for user interaction limits mass exploitation but does not eliminate risk in environments where users frequently receive external documents.
Affected systems
Adobe Acrobat Reader DC (versions 24.001.30365 and 26.001.21651 or earlier) on Windows and macOS are confirmed in scope. Adobe Acrobat DC is also listed as affected. Administrators should verify exact version numbers in their environments against Adobe's official security advisory, as patch version cutoffs determine vulnerability exposure.
Exploitability
Exploitation requires delivery of a malicious file and user action to open it. The attack vector is local, attack complexity is low, and no privileges are required—making this a straightforward social engineering vector if users can be convinced to open untrusted documents. However, the CVSS assessment does not suggest active exploitation in the wild at this time, as the vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
Remediation
Patch Acrobat Reader and Acrobat DC to the versions released by Adobe in response to this advisory. End-of-life version information and precise patch releases should be verified against Adobe's security bulletin. Organizations unable to patch immediately should enforce technical controls: restrict file type associations, disable auto-opening of PDFs, educate users on document source verification, and monitor for suspicious file submissions.
Patch guidance
Check Adobe's official security advisory for the exact patched versions and availability timeline. Acrobat Reader and Acrobat DC typically receive updates through automatic update mechanisms or the Creative Cloud app. For enterprise deployments, consult Adobe's update documentation to deploy patches via centralized patch management. Verify that patched versions are tested in your environment before broad rollout, particularly if you rely on custom PDF plugins or workflows.
Detection guidance
Monitor for Acrobat Reader and Acrobat DC process crashes, particularly if correlated with file access logs or user reports of PDF failures. Endpoint detection and response (EDR) tools can flag unexpected application termination. Network monitoring for suspicious file transfers to internal users may identify delivery attempts. However, detection focuses on impact (the crash itself) rather than the payload, since this is an availability rather than confidentiality/integrity issue.
Why prioritize this
This vulnerability merits near-term remediation due to ease of exploitation (user-centric attack, no special privileges needed) and widespread reliance on PDF readers in enterprise environments. The denial-of-service impact, while not data-critical, can disrupt operations and be weaponized in targeted scenarios. However, it is not a critical emergency compared to remote code execution or data exfiltration vulnerabilities; batch patching within a normal update cycle is appropriate.
Risk score, explained
The CVSS 3.1 score of 5.5 (MEDIUM) reflects that this vulnerability has high impact on availability (the application crashes) but zero impact on confidentiality or integrity. The scoring assumes an attacker has only local access and must obtain user interaction. The relatively moderate score is justified because the threat model—tricking a user into opening a file—is well-understood and has natural friction, and the outcome is a temporary service disruption rather than persistent compromise.
Frequently asked questions
Can an attacker exploit this remotely without user action?
No. The vulnerability requires local file access and explicit user interaction to open a malicious document. An attacker cannot remotely trigger the crash over a network without first convincing a user to open a crafted file.
Does this vulnerability leak sensitive data or allow code execution?
Neither. This is purely a denial-of-service issue; the integer overflow causes the application to crash. There is no evidence of data exfiltration or arbitrary code execution. The impact is limited to application availability.
Which versions of Acrobat Reader are safe?
Acrobat Reader DC and Acrobat versions released after the patch date are safe. Consult Adobe's official security advisory for exact version numbers, as patch releases vary by product line and platform. Organizations should also consider moving to the latest Acrobat version for broader security coverage.
Should we block Acrobat Reader entirely until we patch?
Blocking is not necessary if risk tolerance is reasonable. Instead, prioritize patching, implement user training on document source verification, and consider disabling auto-open features for PDFs from untrusted sources. Full application blocking may be excessive for a medium-severity availability issue.
This analysis is based on publicly available CVE data and the vendor advisory referenced in the CVE record. Specific patch version numbers, availability timelines, and workaround effectiveness should be independently verified against Adobe's official security bulletin. SEC.co does not provide legal or compliance advice. Organizations should assess risk in their own environment and consult their security teams and vendor support for specific deployment decisions. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-34711HIGHCAI Content Credentials Integer Overflow Denial-of-Service Vulnerability
- CVE-2026-11299MEDIUMInteger Overflow in Google Chrome Font Processing (Medium Severity)
- CVE-2026-9882MEDIUMChrome ANGLE Integer Overflow Allows Cross-Origin Data Leakage
- CVE-2026-10921HIGHChrome Dawn Integer Overflow Sandbox Escape Vulnerability
- CVE-2026-10924HIGHChrome Integer Overflow Sandbox Escape Vulnerability
- CVE-2026-34657MEDIUMPath Traversal in CAI Content Credentials c2pa-web—MEDIUM Severity
- CVE-2026-34694MEDIUMAdobe Experience Manager Forms JEE Stored XSS Vulnerability – Patch Guide
- CVE-2026-34703MEDIUMAdobe InDesign Null Pointer Denial-of-Service Vulnerability