CVE-2024-39420

CWE-3673 documents3 sources

Severity

7.0HIGH

EPSS

1.2%

top 21.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat DC Adobe Acrobat Reader +1 more

Timeline

PublishedAug 14

Description

Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.005.30655, 24.002.20965, 24.002.20964, 24.001.30123, 24.003.20054 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary code execution. This vulnerability arises when the timing of actions changes the state of a resource between the checking of a condition and the use of the resource, allowing an attacker to manipulate the resource in a harmful way. Exploitati…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages5 packages

▶NVDadobe/acrobat_reader20.001.3005 — 20.005.30655

▶NVDadobe/acrobat_reader_dc15.008.20082 — 24.002.21005

▶CVEListV5adobe/acrobat_reader24.003.20054

▶NVDadobe/acrobat20.001.30005 — 20.005.30655+1

▶NVDadobe/acrobat_dc15.008.20082 — 24.002.21005

🔴Vulnerability Details

CVEList

Acrobat Reader | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)↗2024-08-14

▶

GHSA

GHSA-rx7q-7v9g-75wg: Acrobat Reader versions 20↗2024-08-14

▶