NULL Pointer Dereference Vulnerability in Adobe Acrobat Reader
CVE-2023-21586

5.5 MEDIUM

Key Information:

Vendor: Adobe
CVE Published: 19 December 2024

Summary

CVE-2023-21586 is a NULL pointer dereference vulnerability in Adobe Acrobat Reader that affects versions 22.003.20282 and earlier, 22.003.20281 and earlier, and 20.005.30418 and earlier. An unauthenticated attacker can exploit it to cause a denial-of-service condition in the application. Successful exploitation requires user interaction: the victim must open a specially crafted malicious file. Users should update their Adobe Acrobat Reader installations to mitigate the risk. For more details, see the official Adobe security advisory.

Affected Version(s)

Acrobat Reader 0 <= 22.003.20281

References

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

Collectors

NVD Database, Mitre Database