CVE-2024-20735: TALOS-2023-1905 - Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability
First published: Thu Feb 15 2024(Updated: )
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Any of | ||
| Adobe Acrobat Reader | >=15.008.20082<23.008.20533 | |
| Adobe Acrobat Reader Notification Manager | >=15.008.20082<23.008.20533 | |
| Any of | ||
| Apple iOS and macOS | ||
| Microsoft Windows | ||
| All of | ||
| Any of | ||
| Adobe Acrobat Reader | >=20.001.30005<20.005.30574 | |
| Adobe Acrobat Reader Notification Manager | >=20.001.30005<20.005.30574 | |
| Any of | ||
| Apple iOS and macOS | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-20735?
CVE-2024-20735 has been rated as a medium severity vulnerability due to its potential for sensitive data disclosure.
How do I fix CVE-2024-20735?
To fix CVE-2024-20735, update to the latest version of Adobe Acrobat or Adobe Acrobat Reader that addresses this vulnerability.
Which versions of Adobe Acrobat are affected by CVE-2024-20735?
CVE-2024-20735 affects Adobe Acrobat versions 20.005.30539, 23.008.20470 and earlier.
Is CVE-2024-20735 exploitable remotely?
Yes, CVE-2024-20735 can potentially be exploited remotely if an attacker can trick a user into opening a malicious PDF file.
What systems are vulnerable to CVE-2024-20735?
CVE-2024-20735 affects Adobe Acrobat and Adobe Acrobat Reader on both Microsoft Windows and macOS platforms.
- agent/weakness
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- agent/severity
- agent/author
- agent/references
- agent/remedy
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/15.008.20082
- canonical/adobe acrobat reader notification manager
- version/adobe acrobat reader notification manager/15.008.20082
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows
- version/adobe acrobat reader/20.001.30005
- version/adobe acrobat reader notification manager/20.001.30005