Adobe Acrobat Reader Vulnerable to Out-of-Bounds Read Vulnerability
CVE-2024-39426

7.8HIGH

Key Information:

Vendor: Adobe
Status: Acrobat Reader
Vendor: CVE Published:; 14 August 2024

Summary

Adobe Acrobat Reader contains an out-of-bounds read vulnerability that occurs while parsing specifically crafted files. This flaw allows attackers to read past the end of an allocated memory structure, potentially leading to code execution in the context of the executed user. Successful exploitation necessitates user interaction, as a target must open a maliciously designed file. Organizations using affected versions of Adobe Acrobat Reader should apply the vendor's security updates to mitigate this risk.

Affected Version(s)

Acrobat Reader 0 <= 24.001.30123

References

https://helpx.adobe.com/security/products/acrobat/apsb24-...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 14, 2024
Vulnerability Reserved
Jun 24, 2024

Collectors

NVD DatabaseMitre Database