CVE-2024-45107: ZDI-CAN-24186: Adobe Acrobat Reader DC Doc Object Use-After-Free Information Disclosure Vulnerability
First published: Thu Sep 05 2024(Updated: )
Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Any of | ||
| Adobe Acrobat Reader | >=20.001.30005<20.005.30655 | |
| Adobe Acrobat Reader | >=24.001.20604<24.001.30159 | |
| Adobe Acrobat | >=15.007.20033<24.002.21005 | |
| Adobe Acrobat Reader | >=20.001.30005<20.005.30655 | |
| Adobe Acrobat Reader | >=15.007.20033<24.002.21005 | |
| Any of | ||
| Apple iOS and macOS | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-45107?
CVE-2024-45107 is classified as a critical vulnerability due to its potential to lead to sensitive memory disclosure.
How do I fix CVE-2024-45107?
To fix CVE-2024-45107, update Adobe Acrobat Reader to a version later than 20.005.30655 or 24.001.30159.
Which versions of Acrobat Reader are affected by CVE-2024-45107?
CVE-2024-45107 affects Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, and 24.002.20991 and earlier.
What is a Use After Free vulnerability in the context of CVE-2024-45107?
A Use After Free vulnerability, like CVE-2024-45107, allows attackers to exploit memory that has already been freed, potentially leading to memory corruption.
Can CVE-2024-45107 be exploited to bypass security mitigations?
Yes, exploitation of CVE-2024-45107 could allow attackers to bypass security mitigations such as Address Space Layout Randomization (ASLR).
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/title
- agent/references
- agent/description
- agent/author
- agent/severity
- agent/event
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/20.001.30005
- version/adobe acrobat reader/24.001.20604
- canonical/adobe acrobat
- version/adobe acrobat/15.007.20033
- version/adobe acrobat reader/15.007.20033
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows