Multiple vulnerabilities have been reported in Adobe Reader:

• Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in the JBIG2 filter (CVE-2009-0198).
• Mark Dowd of the IBM Internet Security Systems X-Force and Nicolas Joly of VUPEN Security reported multiple heap-based buffer overflows in the JBIG2 filter (CVE-2009-0509, CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, CVE-2009-0889)
• Arr1val reported that multiple methods in the JavaScript API might lead to memory corruption when called with crafted arguments (CVE-2009-1492, CVE-2009-1493).
• An anonymous researcher reported a stack-based buffer overflow related to U3D model files with a crafted extension block (CVE-2009-1855).
• Jun Mao and Ryan Smith of iDefense Labs reported an integer overflow related to the FlateDecode filter, which triggers a heap-based buffer overflow (CVE-2009-1856).
• Haifei Li of Fortinet's FortiGuard Global Security Research Team reported a memory corruption vulnerability related to TrueType fonts (CVE-2009-1857).
• The Apple Product Security Team reported a memory corruption vulnerability in the JBIG2 filter (CVE-2009-1858).
• Matthew Watchinski of Sourcefire VRT reported an unspecified memory corruption (CVE-2009-1859).
• Will Dormann of CERT reported multiple heap-based buffer overflows when processing JPX (aka JPEG2000) stream that trigger heap memory corruption (CVE-2009-1861).
• Multiple unspecified vulnerabilities have been discovered (CVE-2009-2028).