Adobe Reader and Acrobat are prone to an overflow condition. The program fails to properly sanitize user-supplied input in a PICT image resulting in a heap overflow when processing a 0x10 opcode. This may allow a remote attacker to execute arbitrary code. No further details have been provided.

Upgrade to the version specified in the vendor advisory or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• OVAL ID: 13209
• CVE ID: 2011-2433 (see also: NVD)
• Secunia Advisory ID: 45978 46737 46849 46917 47680
• Bugtraq ID: 49576
• Related OSVDB ID: 75429 75430 75431 75433 75434 75435 75436 75437 75438 75439 75440 75441
• Mail List Post: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html
  http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html
  http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html
• Vendor Specific Advisory URL: http://www.adobe.com/support/security/bulletins/apsb11-24.html
• Vendor Specific News/Changelog Entry: http://www.gentoo.org/security/en/glsa/glsa-201201-19.xml
• Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-11-300/
• RedHat RHSA: RHSA-2011:1434-01

• binaryproof - Zero Day Initiative (ZDI)