CVE-2016-6938

Name: CVE-2016-6938
Creator: NVD / NIST
Published: 2016-09-17T02:59:04.617+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 8.71%

Last modified Jun 17, 2026

CVE-2016-6938 is a vulnerability of currently unknown severity. Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4255.. EPSS estimates a 8.71% chance of exploitation in the next 30 days.

Description

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4255.

Metrics

EPSS Probability

8.71%

94.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-416

Affected Software

Vendor	Product	Versions
Adobe	Acrobat	<= 11.0.16
Adobe	Acrobat Dc	<= 15.006.30174
Adobe	Acrobat Dc	<= 15.016.20045
Adobe	Acrobat Reader Dc	<= 15.006.30174
Adobe	Acrobat Reader Dc	<= 15.016.20045
Adobe	Reader	<= 11.0.16

References

http://www.securityfocus.com/bid/93016Third Party Advisory, VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-16-591Third Party Advisory, VDB Entry
https://helpx.adobe.com/security/products/acrobat/apsb16-26.htmlVendor Advisory
http://www.securityfocus.com/bid/93016Third Party Advisory, VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-16-591Third Party Advisory, VDB Entry
https://helpx.adobe.com/security/products/acrobat/apsb16-26.htmlVendor Advisory

Timeline

Published: Sep 17, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-6938?

How severe is CVE-2016-6938?

Severity scoring for CVE-2016-6938 is pending analysis. The EPSS model estimates a 8.71% probability of exploitation in the next 30 days.

How do I fix CVE-2016-6938?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-6938?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST