Out-of-Bounds Read Vulnerability in Acrobat Reader by Adobe
CVE-2024-41833

5.5MEDIUM

Key Information:

Vendor: Adobe
Status: Acrobat; Acrobat Dc; Acrobat Reader; Acrobat Reader Dc
Vendor: CVE Published:; 14 August 2024

Summary

Acrobat Reader is impacted by an out-of-bounds read vulnerability that allows potential attackers to disclose sensitive memory information. This issue can be exploited if a user opens a malicious PDF file, allowing attackers to bypass certain security features, including Address Space Layout Randomization (ASLR). The vulnerability underscores the importance of vigilance in handling files from untrusted sources. Users are advised to update their software to maintain security.

References

https://helpx.adobe.com/security/products/acrobat/apsb24-...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 14, 2024