Description

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Related CPE's

a

adobe

acrobat_dc

*

*

*

*

continuous

Vulnerable

a

adobe

acrobat_reader_dc

*

*

*

*

continuous

Vulnerable

o

apple

macos

2

o

microsoft

windows

2

a

adobe

acrobat

2

a

adobe

acrobat_reader

2

References

https://helpx.adobe.com/security/products/acrobat/apsb23-30.html

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-416

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-10T14:15:13.993

11 months ago

Last modified

2023-08-15T17:29:13.877

11 months ago