CVE-2024-34129Path Traversal in Adobe Acrobat Reader

CWE-22Path Traversal3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 77.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe Acrobat ReaderAdobe Acrobat Mobile Sign Android
Timeline
PublishedJun 13

Description

Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to access files and directories that are outside the restricted directory and also to overwrite arbitrary files. Exploitation of this issue does not requires user interaction and attack complexity is high.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:NExploitability: 1.1 | Impact: 5.8

Affected Packages2 packages

CVEListV5adobe/acrobat_mobile_sign_android24.4.2.33155
NVDadobe/acrobat_reader< 24.5.0.33694

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

2
CVEList
Acrobat Android : OverSecured Finding : Overwriting arbitrary files via attacker-controlled output file paths2024-06-13
GHSA
GHSA-76c5-v32j-jj2x: Acrobat Mobile Sign Android versions 242024-06-13
CVE-2024-34129 — Path Traversal in Adobe Acrobat Reader | cvebase