CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Adobe » Acrobat Reader : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2011-0603 119 DoS Exec Code Overflow Mem. Corr. 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerability than CVE-2011-0566 and CVE-2011-0567.
402 CVE-2011-0602 20 Exec Code 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via crafted JP2K record types in a JPEG2000 image in a PDF file, which causes heap corruption, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0599.
403 CVE-2011-0600 20 Exec Code Mem. Corr. 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file with an invalid Parent Node count that triggers an incorrect size calculation and memory corruption, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0595.
404 CVE-2011-0599 20 Exec Code 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted image that causes an invalid pointer calculation related to 4/8-bit RLE compression, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0602.
405 CVE-2011-0598 189 Exec Code Overflow 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code via crafted ICC data, a different vulnerability than CVE-2011-0596, CVE-2011-0599, and CVE-2011-0602.
406 CVE-2011-0596 20 Exec Code Overflow 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image with crafted (1) height and (2) width values for an RLE_8 compressed bitmap, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2011-0598, CVE-2011-0599, and CVE-2011-0602.
407 CVE-2011-0595 20 Exec Code Overflow 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0600.
408 CVE-2011-0594 20 Exec Code 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a font.
409 CVE-2011-0593 20 Exec Code Overflow 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0595, and CVE-2011-0600.
410 CVE-2011-0592 20 Exec Code Overflow 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to "Texture bmp," a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.
411 CVE-2011-0591 20 Exec Code Overflow 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to Texture and rgba, a different vulnerability than CVE-2011-0590, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.
412 CVE-2011-0590 20 Exec Code 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.
413 CVE-2011-0589 119 DoS Exec Code Overflow Mem. Corr. 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0606.
414 CVE-2011-0588 +Priv 2011-02-10 2017-09-18
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0570.
415 CVE-2011-0587 79 XSS 2011-02-10 2017-09-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0604.
416 CVE-2011-0586 20 Exec Code 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X do not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
417 CVE-2011-0585 DoS Exec Code 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0565.
418 CVE-2011-0570 +Priv 2011-02-10 2017-09-18
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0588.
419 CVE-2011-0568 DoS Exec Code 2011-02-10 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
420 CVE-2011-0567 119 DoS Exec Code Overflow Mem. Corr. 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
AcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image that triggers an incorrect pointer calculation, leading to heap memory corruption, a different vulnerability than CVE-2011-0566 and CVE-2011-0603.
421 CVE-2011-0566 119 DoS Exec Code Overflow Mem. Corr. 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerability than CVE-2011-0567 and CVE-2011-0603.
422 CVE-2011-0565 DoS Exec Code 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0585.
423 CVE-2011-0564 264 +Priv 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows use weak permissions for unspecified files, which allows attackers to gain privileges via unknown vectors.
424 CVE-2011-0563 119 DoS Exec Code Overflow Mem. Corr. 2011-02-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0589 and CVE-2011-0606.
425 CVE-2011-0562 +Priv 2011-02-10 2017-09-18
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0570 and CVE-2011-0588.
426 CVE-2010-4091 119 1 DoS Exec Code Overflow Mem. Corr. 2010-11-07 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.
427 CVE-2010-3658 119 DoS Exec Code Overflow Mem. Corr. 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632.
428 CVE-2010-3657 DoS 2010-10-06 2017-09-18
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3656.
429 CVE-2010-3656 DoS 2010-10-06 2017-09-18
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3657.
430 CVE-2010-3654 119 DoS Exec Code Overflow Mem. Corr. 2010-10-29 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
431 CVE-2010-3632 119 DoS Exec Code Overflow Mem. Corr. 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3658.
432 CVE-2010-3631 20 Exec Code 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
433 CVE-2010-3630 DoS Exec Code 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
434 CVE-2010-3629 20 Exec Code 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620.
435 CVE-2010-3628 119 DoS Exec Code Overflow Mem. Corr. 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3632, and CVE-2010-3658.
436 CVE-2010-3627 20 Exec Code 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via unknown vectors.
437 CVE-2010-3626 20 Exec Code 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889.
438 CVE-2010-3625 94 Exec Code 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."
439 CVE-2010-3624 20 Exec Code 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via a crafted image.
440 CVE-2010-3623 119 DoS Exec Code Overflow Mem. Corr. 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
441 CVE-2010-3622 119 DoS Exec Code Overflow Mem. Corr. 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
442 CVE-2010-3621 119 DoS Exec Code Overflow Mem. Corr. 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
443 CVE-2010-3620 20 Exec Code 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3629.
444 CVE-2010-3619 119 DoS Exec Code Overflow Mem. Corr. 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
445 CVE-2010-2890 119 DoS Exec Code Overflow Mem. Corr. 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
446 CVE-2010-2889 20 Exec Code 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626.
447 CVE-2010-2888 20 Exec Code 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in an ActiveX control in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Windows allow attackers to execute arbitrary code via unknown vectors.
448 CVE-2010-2887 +Priv 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x before 9.4 on Linux allow attackers to gain privileges via unknown vectors.
449 CVE-2010-2884 DoS Exec Code Mem. Corr. 2010-09-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.
450 CVE-2010-2883 119 DoS Exec Code Overflow 2010-09-09 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
Total number of vulnerabilities : 581   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11 12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.