CVE-2024-39383

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 14, 2024
Updated: Aug 20, 2024
CWE ID 416

Summary

CVE-2024-39383 is a Use After Free vulnerability affecting Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, and 24.001.30123 and earlier. This issue could allow an attacker to execute arbitrary code in the context of the current user, once they have managed to make the software use previously freed memory. Exploitation requires users to open a specially crafted malicious file, increasing the risk for individuals who open untrusted documents. Organizations and users are advised to update their Acrobat Reader software to the latest version to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Adobe Acrobat
  • Adobe Acrobat Reader
  • Adobe Acrobat DC

Affected Vendors

  • Adobe