CVE-2023-44358Out-of-bounds Read in Adobe Acrobat DC

CWE-125Out-of-bounds Read3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 74.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Adobe Acrobat DCAdobe Acrobat ReaderAdobe Acrobat Reader DC+1 more
Timeline
PublishedNov 16

Description

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDadobe/acrobat_reader20.001.3000520.005.30539
NVDadobe/acrobat_reader_dc15.008.2008223.006.20380
CVEListV5adobe/acrobat_reader23.006.20360
NVDadobe/acrobat_dc15.008.2008223.006.20380
NVDadobe/acrobat20.001.3000520.005.30539

🔴Vulnerability Details

2
GHSA
GHSA-w32f-79ww-93m8: Adobe Acrobat Reader versions 232023-11-16
CVEList
ZDI-CAN-21971: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability2023-11-16
CVE-2023-44358 — Out-of-bounds Read in Adobe Acrobat DC | cvebase