CVE-2024-41832

Name of the Vulnerable Software and Affected Versions: Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier

Description: The issue is related to an out-of-bounds read vulnerability in the CoolType font processing framework of Acrobat Reader. This vulnerability can be exploited by an attacker using a specially crafted PDF file with an embedded malicious font file, potentially allowing the disclosure of sensitive memory information. The exploitation of this issue requires user interaction, such as opening a malicious file, and could enable an attacker to bypass certain security mitigations.

Recommendations: For versions 20.005.30636, 24.002.20965, 24.002.20964, and 24.001.30123, update to a version that is not affected by this issue. For all versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider avoiding the use of potentially malicious PDF files until a patch is available. Restrict access to untrusted PDF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.