CVE-2023-44361Use After Free in Adobe Acrobat DC

CWE-416Use After Free3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 75.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Adobe Acrobat DCAdobe Acrobat ReaderAdobe Acrobat Reader DC+1 more
Timeline
PublishedNov 16

Description

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDadobe/acrobat_reader20.001.3000520.005.30539
NVDadobe/acrobat_reader_dc15.008.2008223.006.20380
CVEListV5adobe/acrobat_reader23.006.20360
NVDadobe/acrobat_dc15.008.2008223.006.20380
NVDadobe/acrobat20.001.3000520.005.30539

🔴Vulnerability Details

2
GHSA
GHSA-794f-9q36-972h: Adobe Acrobat Reader versions 232023-11-16
CVEList
ZDI-CAN-22041: Adobe Acrobat Reader DC AcroForm Doc Object Use-After-Free Information Disclosure Vulnerability2023-11-16
CVE-2023-44361 — Use After Free in Adobe Acrobat DC | cvebase