CVE-2020-24427

Name of the Vulnerable Software and Affected Versions Acrobat Reader versions 2020.012.20048 and earlier Acrobat Reader versions 2020.001.30005 and earlier Acrobat Reader versions 2017.011.30175 and earlier

Description The issue is related to an input validation vulnerability when decoding a crafted codec, which could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction, in that a victim must open a malicious file. This vulnerability exists due to insufficient input validation in Adobe Reader and Acrobat programs.

Recommendations For Acrobat Reader versions 2020.012.20048 and earlier, update to a version that fixes the input validation vulnerability. For Acrobat Reader versions 2020.001.30005 and earlier, update to a version that fixes the input validation vulnerability. For Acrobat Reader versions 2017.011.30175 and earlier, update to a version that fixes the input validation vulnerability. As a temporary workaround, consider avoiding the use of crafted codecs until a patch is available. Restrict access to malicious files to minimize the risk of exploitation.