CVE-2024-39420: Acrobat Reader | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

First published: Wed Aug 14 2024(Updated: )

Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.005.30655, 24.002.20965, 24.002.20964, 24.001.30123, 24.003.20054 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary code execution. This vulnerability arises when the timing of actions changes the state of a resource between the checking of a condition and the use of the resource, allowing an attacker to manipulate the resource in a harmful way. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Credit: psirt@adobe.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/weakness
• agent/title
• agent/type
• agent/first-publish-date
• agent/author
• agent/event
• agent/severity
• agent/softwarecombine
• collector/nvd-api
• source/NVD
• agent/software-canonical-lookup
• agent/last-modified-date
• agent/references
• agent/tags
• agent/description
• collector/mitre-cve
• source/MITRE
• vendor/adobe
• canonical/adobe acrobat reader
• version/adobe acrobat reader/20.001.30005
• version/adobe acrobat reader/24.001.20604
• canonical/adobe acrobat dc
• version/adobe acrobat dc/15.008.20082
• version/adobe acrobat reader/20.001.3005
• canonical/adobe acrobat reader dc
• version/adobe acrobat reader dc/15.008.20082
• vendor/apple
• canonical/apple macos
• vendor/microsoft
• canonical/microsoft windows