CVE-2024-39379

CWE-125Out-of-bounds Read4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 84.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe Acrobat FOR EdgeAdobe Acrobat
Timeline
PublishedJul 31

Description

Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/acrobat_for_edge126.0.2592.81
NVDadobe/acrobat126.0.2592.81

Patches

Patch: msrc.microsoft.com

🔴Vulnerability Details

2
CVEList
Acrobat for Edge | Out-of-bounds Read (CWE-125)2024-07-31
GHSA
GHSA-x4cv-g6r2-3w7r: Acrobat for Edge versions 1262024-07-31

📋Vendor Advisories

1
Microsoft
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability2024-07-09
CVE-2024-39379 (MEDIUM CVSS 5.5) | Acrobat for Edge versions 126.0.259 | cvebase.io