CVE-2024-20736

Name of the Vulnerable Software and Affected Versions Acrobat Reader versions 20.005.30539 through 23.008.20470 and earlier Adobe Acrobat 2020 and earlier Adobe Acrobat Reader Document Cloud versions prior to the fixed version Adobe Acrobat Document Cloud versions prior to the fixed version

Description The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. This vulnerability may allow an attacker to reveal protected information.

Recommendations For Acrobat Reader versions 20.005.30539 through 23.008.20470 and earlier, update to a version that contains a fix for this issue. For Adobe Acrobat 2020 and earlier, update to a version that contains a fix for this issue. For Adobe Acrobat Reader Document Cloud and Adobe Acrobat Document Cloud, update to a version that contains a fix for this issue. As a temporary workaround, consider avoiding the use of the AcroForm feature in Adobe Acrobat Pro DC until a patch is available. Restrict access to malicious files to minimize the risk of exploitation.