PT-2023-8654 · Adobe · Acrobat Reader+2

Kpc · Published 2023-12-19 · Updated 2024-03-12 · CVE-2024-20735

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier
Adobe Acrobat 2020 and Adobe Reader 2020

Description

The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. This vulnerability can be exploited by an attacker to bypass mitigations such as ASLR. Exploitation requires user interaction, where a victim must open a malicious file. The vulnerability is also associated with the processing of the numColorRecords parameter in OpenType font formats, which can allow an attacker to gain unauthorized access to protected information.

Recommendations

For Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

For Adobe Acrobat 2020 and Adobe Reader 2020: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2024-01392
CVE-2024-20735

Affected Products

Acrobat Reader
Acrobat
Reader