CVE-2024-49531

Severity: 5.5 MEDIUM
EPSS: 0.1% (top 70.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 10

Description

Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (5 packages)

NVD  adobe/acrobat_reader  20.001.30002  20.005.30748
NVD  adobe/acrobat_reader_dc  15.007.20033  24.005.20320
CVEListV5  adobe/acrobat_reader  20.005.30710
NVD  adobe/acrobat  20.001.30002  20.005.30748  +1
NVD  adobe/acrobat_dc  15.007.20033  24.005.20320

Vulnerability Details (2)

GHSA
GHSA-ph65-8qf2-63qx: Acrobat Reader versions 24 (2024-12-10)
CVEList
Acrobat Reader | NULL Pointer Dereference (CWE-476) (2024-12-10)
CVE-2024-49531 (MEDIUM CVSS 5.5) | Acrobat Reader versions 24.005.2030 | cvebase.io