CVE-2020-24426: Adobe Acrobat Reader DC ID Parameter Out-Of-Bounds Read Information Disclosure Vulnerability
First published: Thu Nov 05 2020(Updated: )
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | ||
| Adobe Acrobat Reader | <=20.001.30005 | |
| Adobe Acrobat | <=17.011.30175 | |
| Adobe Acrobat | <=20.012.20048 | |
| Adobe Acrobat Reader | <=20.001.30005 | |
| Adobe Acrobat Reader | <=17.011.30175 | |
| Adobe Acrobat Reader | <=20.012.20048 | |
| Apple iOS and macOS | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-24426?
CVE-2020-24426 has been classified as a medium severity vulnerability due to its potential to disclose sensitive memory.
How do I fix CVE-2020-24426?
To mitigate CVE-2020-24426, users should update to the latest versions of Adobe Acrobat Reader DC or Acrobat DC provided by Adobe.
What types of software are affected by CVE-2020-24426?
CVE-2020-24426 affects Adobe Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier, and Adobe Acrobat DC versions 2017.011.30175 and earlier.
Can CVE-2020-24426 be exploited remotely?
Yes, an attacker could potentially leverage CVE-2020-24426 to remotely disclose sensitive information from a victim's system.
What is the nature of the vulnerability in CVE-2020-24426?
CVE-2020-24426 is an out-of-bounds read vulnerability that allows attackers to read sensitive memory locations.
- agent/references
- agent/type
- agent/title
- agent/weakness
- agent/author
- agent/description
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/trending
- agent/source
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-20-1354
- alias/ZDI-CAN-11540
- alias/CVE-2020-24426
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-index
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/20.001.30005
- canonical/adobe acrobat
- version/adobe acrobat/17.011.30175
- version/adobe acrobat/20.012.20048
- version/adobe acrobat reader/17.011.30175
- version/adobe acrobat reader/20.012.20048
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows