T5 Acrobat JS vulnerability - Exploitable crash via t5::javascript::get_page_num_words
CVE-2024-20721

5.5MEDIUM

Key Information:

Vendor: Adobe
Status: Acrobat for Edge
Vendor: CVE Published:; 15 January 2024

What is CVE-2024-20721?

Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected Version(s)

Acrobat for Edge 0 <= 120.0.2210.91

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2024
Vulnerability Reserved
Dec 4, 2023

Adobe

What is CVE-2024-20721?

Affected Version(s)

References

CVSS V3.1

Timeline