First published: Wed Jan 18 2023(Updated: )
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Acrobat Dc | >=15.008.20082<=22.003.20282 | |
Adobe Acrobat Reader DC | >=15.008.20082<=22.003.20282 | |
Microsoft Windows | ||
Adobe Acrobat Dc | >=15.008.20082<=22.003.20281 | |
Adobe Acrobat Reader DC | >=15.008.20082<=22.003.20281 | |
Apple macOS | ||
Adobe Acrobat Reader | >=20.001.30005<=20.005.30418 | |
Adobe Acrobat Reader | >=20.001.30005<=20.005.30418 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Adobe Acrobat Reader vulnerability is CVE-2023-21585.
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier), and 20.005.30418 (and earlier) are affected by this vulnerability.
The severity of CVE-2023-21585 is medium, with a severity value of 5.5.
An attacker could exploit this vulnerability to perform an out-of-bounds read, leading to disclosure of sensitive memory.
Yes, Adobe has released a security update to address this vulnerability. It is recommended to update to the latest version of Adobe Acrobat Reader to mitigate the risk.