CVE-2024-30312: TALOS-2024-1952 - Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability
First published: Wed May 15 2024(Updated: )
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Any of | ||
| Adobe Acrobat Reader DC | >=15.007.20033<24.002.20759 | |
| Adobe Acrobat Reader | >=15.007.20033<24.002.20759 | |
| Any of | ||
| macOS | ||
| Microsoft Windows Operating System | ||
| All of | ||
| Any of | ||
| Adobe Acrobat Reader | >=20.001.30002<20.005.30635 | |
| Adobe Acrobat Reader Notification Manager | >=20.001.30002<20.005.30635 | |
| macOS | ||
| All of | ||
| Any of | ||
| Adobe Acrobat Reader | >=20.001.30002<20.005.30636 | |
| Adobe Acrobat Reader Notification Manager | >=20.001.30002<20.005.30636 | |
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-30312?
CVE-2024-30312 is classified as a medium severity vulnerability that allows for out-of-bounds memory read, potentially leading to sensitive data disclosure.
Who is affected by CVE-2024-30312?
CVE-2024-30312 affects Adobe Acrobat DC and Adobe Acrobat Reader versions 20.005.30574, 24.002.20736, and earlier.
How do I fix CVE-2024-30312?
To fix CVE-2024-30312, update Adobe Acrobat DC or Adobe Acrobat Reader to the latest version available from Adobe.
What types of vulnerabilities can CVE-2024-30312 exploit?
CVE-2024-30312 can be exploited to bypass security mitigations such as Address Space Layout Randomization (ASLR).
Can CVE-2024-30312 be exploited on macOS?
CVE-2024-30312 specifically impacts Adobe Acrobat software and is not tied to vulnerabilities in the macOS operating system.
- agent/weakness
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader dc
- version/adobe acrobat reader dc/15.007.20033
- canonical/adobe acrobat reader
- version/adobe acrobat reader/15.007.20033
- vendor/apple
- canonical/macos
- vendor/microsoft
- canonical/microsoft windows operating system
- version/adobe acrobat reader/20.001.30002
- canonical/adobe acrobat reader notification manager
- version/adobe acrobat reader notification manager/20.001.30002