CVE-2024-41834Out-of-bounds Read in Adobe Acrobat

CWE-125Out-of-bounds Read3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 71.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Adobe AcrobatAdobe Acrobat DCAdobe Acrobat Reader+1 more
Timeline
PublishedAug 14

Description

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDadobe/acrobat_reader20.001.300520.005.30655
NVDadobe/acrobat_reader_dc15.008.2008224.002.21005
CVEListV5adobe/acrobat_reader24.001.30123
NVDadobe/acrobat20.001.3000520.005.30655+1
NVDadobe/acrobat_dc15.008.2008224.002.21005

🔴Vulnerability Details

2
CVEList
ZDI-CAN-24311: Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability2024-08-14
GHSA
GHSA-pxfg-hh7x-4v6j: Acrobat Reader versions 202024-08-14
CVE-2024-41834 — Out-of-bounds Read in Adobe Acrobat | cvebase