Adobe Acrobat Application for working with PDF documents
Recent Adobe Acrobat Security Advisories
| Advisory | Title | Published |
|---|---|---|
| APSB25-119 | Prenotification Security Advisory for Adobe Acrobat and Reader | December 9, 2025 |
| APSB25-85 | Prenotification Security Advisory for Adobe Acrobat and Reader | September 9, 2025 |
| APSB25-57 | Prenotification Security Advisory for Adobe Acrobat and Reader | June 10, 2025 |
| APSB25-14 | Prenotification Security Advisory for Adobe Acrobat and Reader | March 11, 2025 |
| APSB24-92 | Prenotification Security Advisory for Adobe Acrobat and Reader | December 10, 2024 |
| APSB24-70 | Prenotification Security Advisory for Adobe Acrobat and Reader | September 10, 2024 |
| APSB24-57 | Prenotification Security Advisory for Adobe Acrobat and Reader | August 13, 2024 |
| APSB24-50 | Prenotification Security Advisory for Adobe Acrobat Android | June 11, 2024 |
| APSB24-29 | Prenotification Security Advisory for Adobe Acrobat and Reader | May 14, 2024 |
| APSB24-07 | Prenotification Security Advisory for Adobe Acrobat and Reader | February 13, 2024 |
By the Year
In 2026, there have been 0 vulnerabilities in Adobe Acrobat. Last year, in 2025, Acrobat had 25 security vulnerabilities published. Right now, Acrobat is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 25 | 6.64 |
| 2024 | 37 | 6.78 |
| 2023 | 13 | 7.45 |
| 2022 | 0 | 0.00 |
| 2021 | 42 | 6.83 |
| 2020 | 57 | 6.65 |
| 2019 | 223 | 9.80 |
| 2018 | 40 | 8.80 |
It may take a day or so for new Acrobat vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Adobe Acrobat Security Vulnerabilities
Acrobat Reader OOB Read before 25.001.20982: PDF Parser Vulnerability
CVE-2025-64899
7.8 - High
- December 09, 2025
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Acrobat Reader Untrusted Search Path before 25.001.20982
CVE-2025-64785
7.8 - High
- December 09, 2025
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction.
Untrusted Path
Acrobat Reader 25.001.20982 Improper Signature Verify - Write Access Bypass
CVE-2025-64786
3.3 - Low
- December 09, 2025
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited unauthorized write access. Exploitation of this issue does not require user interaction.
Improper Verification of Cryptographic Signature
Acrobat Reader Improper Crypto Signature Verification V<25.001.20983
CVE-2025-64787
3.3 - Low
- December 09, 2025
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass cryptographic protections and gain limited unauthorized write access. Exploitation of this issue does not require user interaction.
Improper Verification of Cryptographic Signature
Adobe Acrobat Reader Secure Design Violation v24.001.30254 and earlier
CVE-2025-54255
4 - Medium
- September 09, 2025
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged.
Violation of Secure Design Principles
Acrobat Reader UAF Arbitrary Code Exec in v24.001.30254 and earlier
CVE-2025-54257
7.8 - High
- September 09, 2025
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file, and scope is unchanged.
Dangling pointer
Adobe Acrobat Reader Info Exposure CVE-2025-43579 before 25.001.20521
CVE-2025-43579
5.5 - Medium
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.
Information Disclosure
Adobe Acrobat Reader OOB Read (24.001.30235, 20.005.30763, 25.001.20521+)
CVE-2025-47112
5.5 - Medium
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Acrobat Reader NULL Ptr Deref v24.001.30235/20.005.30763/25.001.20521 CVE-2025-47111
CVE-2025-47111
5.5 - Medium
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe Acrobat Reader OOB Read before 26.0 File Parser
CVE-2025-43578
5.5 - Medium
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Acrobat Reader UAF in PDF Parser -> Arbitrary Exec before v25.0
CVE-2025-43577
7.8 - High
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe Acrobat Reader UAF before 24.001.30235 Allows Arbitrary Execution
CVE-2025-43550
7.8 - High
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Use After Free in Acrobat Reader (v24/20/25) Enables Arbitrary Code Exec
CVE-2025-43576
7.8 - High
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe Acrobat Reader OOB Write CVE-2025-43575, 20-25, Arbitrary Exec
CVE-2025-43575
7.8 - High
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Acrobat Reader PDF-UAF CVE-2025-43574
CVE-2025-43574
7.8 - High
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader UA-FREE <25.001.20521: possible arbitrary code exec
CVE-2025-43573
7.8 - High
- June 10, 2025
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader OOBR (pre-26) – memory disclosure via malicious PDF
CVE-2025-27164
5.5 - Medium
- March 11, 2025
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Out-of-Bounds Read in Adobe Acrobat Reader <24.001.30225 Discloses Sensitive Memory
CVE-2025-27163
5.5 - Medium
- March 11, 2025
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Out-of-Bounds Read in Adobe Acrobat Reader <24.001.30225, memory disclosure risk
CVE-2025-24431
5.5 - Medium
- March 11, 2025
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Acrobat Reader v<=25 Uninitialized Pointer RCE (user interaction)
CVE-2025-27162
7.8 - High
- March 11, 2025
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Access of Uninitialized Pointer
OOB Read in Acrobat Reader <25.001.20428: Mem Leak & Exec
CVE-2025-27161
7.8 - High
- March 11, 2025
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Acrobat Reader UA-FF Pre-25.001.20428 Exploitable via Malicious File
CVE-2025-27160
7.8 - High
- March 11, 2025
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader UAF before 25.001.20428 (arbitrary code exec)
CVE-2025-27159
7.8 - High
- March 11, 2025
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Uninit Pointer OOB in Acrobat Reader v24/20/25 (CVE-2025-27158)
CVE-2025-27158
7.8 - High
- March 11, 2025
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Access of Uninitialized Pointer
Acrobat Reader UAF in PDF Processing (v24.001.30225/20.005.30748/25.001.20428+)
CVE-2025-27174
7.8 - High
- March 11, 2025
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe Acrobat Reader NULL Pointer Dereference Vulnerability
CVE-2023-21586
5.5 - Medium
- December 19, 2024
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe Acrobat Reader Use After Free Vulnerability
CVE-2024-49530
7.8 - High
- December 10, 2024
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe Acrobat Reader XXE Vulnerability in XML Parsing
CVE-2024-49535
6.3 - Medium
- December 10, 2024
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that allows an attacker to provide malicious XML input containing a reference to an external entity, potentially leading to unauthorized read access outside the Acrobat sandbox. Exploitation of this issue requires user interaction in that a victim must process a malicious XML document.
XXE
Adobe Acrobat Reader NULL Pointer Dereference Denial-of-Service Vulnerability
CVE-2024-49531
5.5 - Medium
- December 10, 2024
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Adobe Acrobat Reader Out-of-Bounds Read Vulnerability
CVE-2024-49532
5.5 - Medium
- December 10, 2024
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Acrobat Reader Out-of-Bounds Read Vulnerability
CVE-2024-49533
5.5 - Medium
- December 10, 2024
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Acrobat Reader Out-of-Bounds Read Vulnerability
CVE-2024-49534
5.5 - Medium
- December 10, 2024
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Use After Free in Acrobat Reader <24.003.20054 (CVE-2024-41869)
CVE-2024-41869
7.8 - High
- September 13, 2024
Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader < 25 Type Confusion CVE-2024-45112 Exploitable via Malicious File
CVE-2024-45112
7.8 - High
- September 13, 2024
Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource is accessed using a type that is not compatible with the actual object type, leading to a logic error that an attacker could exploit. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Object Type Confusion
Adobe Acrobat Reader Use After Free (UAF) pre-24.002.20991
CVE-2024-45107
5.5 - Medium
- September 05, 2024
Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader <127.0.2651.105 OOB Write ACE
CVE-2024-41879
7.8 - High
- August 26, 2024
Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Acrobat Reader OBOR Vulnerability (20.005.30636+) - CVE-2024-41835
CVE-2024-41835
5.5 - Medium
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Acrobat Reader PDF Parser TOCTOU Race Condition v20-24.*
CVE-2024-39420
7 - High
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.005.30655, 24.002.20965, 24.002.20964, 24.001.30123, 24.003.20054 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary code execution. This vulnerability arises when the timing of actions changes the state of a resource between the checking of a condition and the use of the resource, allowing an attacker to manipulate the resource in a harmful way. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
TOCTTOU
Acrobat Reader OOB Read in v20.005 & 24.* (fixed 24.002.20966)
CVE-2024-41834
5.5 - Medium
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Use-After-Free in Adobe Acrobat Reader <24.002.20965 Causing Remote Exec
CVE-2024-39424
7.8 - High
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Out-of-Bounds Write in Acrobat Reader 24.002.20965 (CVE-2024-39423)
CVE-2024-39423
7.8 - High
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Acrobat Reader 20.x-24.x Use After Free (CVE-2024-39422)
CVE-2024-39422
7.8 - High
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader 20 & 24 UAF CVE-2024-39383: Arbitrary Code Exec
CVE-2024-39383
7.8 - High
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe Acrobat Reader TOCTOU PrivEsc <= 24.002.20965
CVE-2024-39425
7 - High
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation. Exploitation of this issue requires local low-privilege access to the affected system and attack complexity is high.
TOCTTOU
Acrobat Reader OOB Read (<20.005.30636,24.x) Enables ASLR Bypass
CVE-2024-41833
5.5 - Medium
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Acrobat Reader Use-After-Free (UAF) 20.x & 24.x CVE-2024-41830
CVE-2024-41830
7.8 - High
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Adobe Acrobat Reader UAF <25 (20.005.* 24.002.*): Exec
CVE-2024-41831
7.8 - High
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader oob-read (20.x-24.x) memory disclosure
CVE-2024-41832
5.5 - Medium
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Acrobat Reader Out-of-Bounds Read CVE-2024-39426 (v20.005, 24.00x)
CVE-2024-39426
7.8 - High
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Acrobat for Edge <=126.0.2592.81 OOB Read
CVE-2024-39379
5.5 - Medium
- July 31, 2024
Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read