CVE-2024-20749

Name of the Vulnerable Software and Affected Versions Adobe Acrobat versions prior to 20.005.30539 Adobe Acrobat Reader versions prior to 20.005.30539 Adobe Acrobat 2020 versions prior to 20.005.30539 Adobe Reader 2020 versions prior to 20.005.30539 Acrobat Reader versions 20.005.30539 and earlier Acrobat Reader versions 23.008.20470 and earlier

Description The issue is related to an out-of-bounds read vulnerability in the processing of OpenType font format arrays, specifically the CharStringsOffset. This could allow an attacker to gain unauthorized access to protected information. Exploitation requires user interaction, such as opening a malicious file, and could lead to the disclosure of sensitive memory, potentially allowing an attacker to bypass mitigations like ASLR.

Recommendations For Adobe Acrobat versions prior to 20.005.30539, update to a version later than 20.005.30539. For Adobe Acrobat Reader versions prior to 20.005.30539, update to a version later than 20.005.30539. For Adobe Acrobat 2020 versions prior to 20.005.30539, update to a version later than 20.005.30539. For Adobe Reader 2020 versions prior to 20.005.30539, update to a version later than 20.005.30539. For Acrobat Reader versions 20.005.30539 and earlier, update to a version later than 20.005.30539. For Acrobat Reader versions 23.008.20470 and earlier, update to a version later than 23.008.20470. As a temporary workaround, consider avoiding the opening of suspicious or untrusted PDF files until the issue is resolved.