CVE-2023-38243Use After Free in Adobe Acrobat

CWE-416Use After Free3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 83.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Adobe AcrobatAdobe Acrobat DCAdobe Acrobat Reader+1 more
Timeline
PublishedAug 10

Description

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDadobe/acrobat_reader20.001.3000520.005.30516.10516+1
NVDadobe/acrobat_reader_dc15.008.2008223.003.20269
CVEListV5adobe/acrobat_reader23.003.20244
NVDadobe/acrobat20.001.3000520.005.30514.10514+1
NVDadobe/acrobat_dc15.008.2008223.003.20269

🔴Vulnerability Details

2
GHSA
GHSA-mp2p-6w3g-gfx8: Adobe Acrobat Reader versions 232023-08-10
CVEList
ZDI-CAN-21252: Adobe Acrobat Reader DC JBIG2 File Parsing Use-After-Free Information Disclosure Vulnerability2023-08-10
CVE-2023-38243 — Use After Free in Adobe Acrobat | cvebase