{"api_version":"1","generated_at":"2026-04-17T08:42:45+00:00","cve":"CVE-2020-9715","urls":{"html":"https://cve.report/CVE-2020-9715","api":"https://cve.report/api/cve/CVE-2020-9715.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-9715","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-9715"},"summary":{"title":"CVE-2020-9715","description":"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .","state":"PUBLISHED","assigner":"adobe","published_at":"2020-08-19 14:15:13","updated_at":"2026-04-14 14:45:00"},"problem_types":["CWE-416","Use-after-free","CWE-416 CWE-416 Use After Free"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"9.3","severity":"","vector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"https://blog.exodusintel.com/2021/04/20/analysis-of-a-use-after-free-vulnerability-in-adobe-acrobat-reader-dc/","name":"https://blog.exodusintel.com/2021/04/20/analysis-of-a-use-after-free-vulnerability-in-adobe-acrobat-reader-dc/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"],"title":"Analysis of a use-after-free Vulnerability in Adobe Acrobat Reader DC - Exodus Intelligence","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-991/","name":"https://www.zerodayinitiative.com/advisories/ZDI-20-991/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"ZDI-20-991 | Zero Day Initiative","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://helpx.adobe.com/security/products/acrobat/apsb20-48.html","name":"https://helpx.adobe.com/security/products/acrobat/apsb20-48.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Adobe Security Bulletin","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9715","name":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9715","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-9715","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9715","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Adobe","product":"Adobe Acrobat and Reader","version":"affected 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier versions","platforms":[]}],"timeline":[{"source":"ADP","time":"2026-04-13T00:00:00.000Z","lang":"en","value":"CVE-2020-9715 added to CISA KEV"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"9715","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_dc","cpe6":"20.001.30002","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"classic","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9715","vulnerable":"1","versionEndIncluding":"15.006.30523","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"classic","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9715","vulnerable":"1","versionEndIncluding":"17.011.30171","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"classic","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9715","vulnerable":"1","versionEndIncluding":"20.009.20074","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"continuous","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9715","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_reader_dc","cpe6":"20.001.30002","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"classic","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9715","vulnerable":"1","versionEndIncluding":"15.006.30523","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_reader_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"classic","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9715","vulnerable":"1","versionEndIncluding":"17.011.30171","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_reader_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"classic","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9715","vulnerable":"1","versionEndIncluding":"20.009.20074","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"acrobat_reader_dc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"continuous","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9715","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9715","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2020","cve_id":"9715","cve":"CVE-2020-9715","vendorProject":"Adobe","product":"Acrobat","vulnerabilityName":"Adobe Acrobat Use-After-Free Vulnerability","dateAdded":"2026-04-13","shortDescription":"Adobe Acrobat contains a use-after-free vulnerability that allows for code execution","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","dueDate":"2026-04-27","knownRansomwareCampaignUse":"Unknown","notes":"https://helpx.adobe.com/security/products/acrobat/apsb20-48.html ; https://nvd.nist.gov/vuln/detail/CVE-2020-9715","cwes":"CWE-416","catalogVersion":"2026.04.16","updated_at":"2026-04-16 13:54:08"},"epss":{"cve_year":"2020","cve_id":"9715","cve":"CVE-2020-9715","epss":"0.760370000","percentile":"0.989210000","score_date":"2026-04-16","updated_at":"2026-04-17 00:09:25"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-04T10:34:39.919Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-991/"},{"tags":["x_transferred"],"url":"https://helpx.adobe.com/security/products/acrobat/apsb20-48.html"},{"tags":["x_transferred"],"url":"https://blog.exodusintel.com/2021/04/20/analysis-of-a-use-after-free-vulnerability-in-adobe-acrobat-reader-dc/"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2020-9715","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-04-13T17:04:28.691097Z","version":"2.0.3"},"type":"ssvc"}},{"other":{"content":{"dateAdded":"2026-04-13","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9715"},"type":"kev"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-416","description":"CWE-416 Use After Free","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-13T22:20:25.649Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["government-resource"],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9715"}],"timeline":[{"lang":"en","time":"2026-04-13T00:00:00.000Z","value":"CVE-2020-9715 added to CISA KEV"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"Adobe Acrobat and Reader","vendor":"Adobe","versions":[{"status":"affected","version":"2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier versions"}]}],"descriptions":[{"lang":"en","value":"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution ."}],"problemTypes":[{"descriptions":[{"description":"Use-after-free   ","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2022-12-07T00:00:00.000Z","orgId":"078d4453-3bcd-4900-85e6-15281da43538","shortName":"adobe"},"references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-991/"},{"url":"https://helpx.adobe.com/security/products/acrobat/apsb20-48.html"},{"url":"https://blog.exodusintel.com/2021/04/20/analysis-of-a-use-after-free-vulnerability-in-adobe-acrobat-reader-dc/"}]}},"cveMetadata":{"assignerOrgId":"078d4453-3bcd-4900-85e6-15281da43538","assignerShortName":"adobe","cveId":"CVE-2020-9715","datePublished":"2020-08-19T00:00:00.000Z","dateReserved":"2020-03-02T00:00:00.000Z","dateUpdated":"2026-04-13T22:20:25.649Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2020-08-19 14:15:13","lastModifiedDate":"2026-04-14 14:45:00","problem_types":["CWE-416","Use-after-free","CWE-416 CWE-416 Use After Free"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"15.006.30060","versionEndIncluding":"15.006.30523","matchCriteriaId":"FF9AD23D-2478-40F9-8504-3363EC18A582"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*","versionStartIncluding":"15.008.20082","versionEndIncluding":"20.009.20074","matchCriteriaId":"CC5FFE53-2682-44E5-B888-4A0E3DDBE19C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"17.011.30059","versionEndIncluding":"17.011.30171","matchCriteriaId":"FB59932A-B454-4F9D-B346-9CB083CCFE9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:20.001.30002:*:*:*:classic:*:*:*","matchCriteriaId":"A8E2402A-9025-4322-86D2-B65ABB33AFA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"15.006.30060","versionEndIncluding":"15.006.30523","matchCriteriaId":"6F4B8A87-4022-4787-9FC4-342732DF35FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*","versionStartIncluding":"15.008.20082","versionEndIncluding":"20.009.20074","matchCriteriaId":"38776DFA-9B6F-4417-A664-ACFA8979CA42"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*","versionStartIncluding":"17.011.30059","versionEndIncluding":"17.011.30171","matchCriteriaId":"1E735417-A682-4000-978A-E880254A5A23"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader_dc:20.001.30002:*:*:*:classic:*:*:*","matchCriteriaId":"8E9B6A3E-04DA-47D9-99E5-8F4030511BE1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"9715","Ordinal":"1","Title":"CVE-2020-9715","CVE":"CVE-2020-9715","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"9715","Ordinal":"1","NoteData":"Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .","Type":"Description","Title":"CVE-2020-9715"},{"CveYear":"2020","CveId":"9715","Ordinal":"2","NoteData":"2020-08-19","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"9715","Ordinal":"3","NoteData":"2020-08-19","Type":"Other","Title":"Modified"}]}}}