CVE-2024-39426: ZDI-CAN-24312: Adobe Acrobat Reader DC Annotation Memory Corruption Remote Code Execution Vulnerability
First published: Wed Aug 14 2024(Updated: )
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Any of | ||
| Adobe Acrobat Reader | >=20.001.30005<20.005.30655 | |
| Adobe Acrobat Reader | >=24.001.20604<24.001.30159 | |
| Adobe Acrobat Reader | >=15.008.20082<24.002.21005 | |
| Adobe Acrobat Reader Notification Manager | >=20.001.3005<20.005.30655 | |
| Adobe Acrobat Reader Notification Manager | >=15.008.20082<24.002.21005 | |
| Any of | ||
| Apple iOS and macOS | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-39426?
CVE-2024-39426 has a high severity rating due to the potential for attackers to exploit the out-of-bounds read vulnerability.
How do I fix CVE-2024-39426?
To fix CVE-2024-39426, users should update Adobe Acrobat Reader to the latest version released after the vulnerability announcement.
Which versions are affected by CVE-2024-39426?
CVE-2024-39426 affects Adobe Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier.
What systems are impacted by CVE-2024-39426?
CVE-2024-39426 primarily impacts users of Adobe Acrobat Reader on various operating systems, including Windows and macOS.
Can CVE-2024-39426 lead to data breaches?
Yes, CVE-2024-39426 could potentially lead to data breaches if exploited, as it may allow unauthorized reading of memory contents.
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/20.001.30005
- version/adobe acrobat reader/24.001.20604
- version/adobe acrobat reader/15.008.20082
- canonical/adobe acrobat reader notification manager
- version/adobe acrobat reader notification manager/20.001.3005
- version/adobe acrobat reader notification manager/15.008.20082
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows