CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41833 – ZDI-CAN-24310: Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-41833
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. • https://helpx.adobe.com/security/products/acrobat/apsb24-57.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41834 – ZDI-CAN-24311: Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-41834
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. • https://helpx.adobe.com/security/products/acrobat/apsb24-57.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39379 – Acrobat for Edge | Out-of-bounds Read (CWE-125)
https://notcve.org/view.php?id=CVE-2024-39379
Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to arbitrary file system read access. An attacker could exploit this vulnerability to read contents from a location in memory past the buffer boundary, potentially leading to sensitive information disclosure. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-39379 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34122 – T5 Acrobat Vulnerability - Exploitable crash in DecodeTile
https://notcve.org/view.php?id=CVE-2024-34122
Acrobat for Edge versions 126.0.2592.68 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-34122 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34130 – Acrobat Android : OverSecured Finding : Access to arbitrary* content providers via insecure Intent configuration
https://notcve.org/view.php?id=CVE-2024-34130
Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could exploit this vulnerability to access confidential information. Exploitation of this issue does not require user interaction. Las versiones 24.4.2.33155 y anteriores de Acrobat Mobile Sign para Android se ven afectadas por una vulnerabilidad de autorización incorrecta que podría provocar la omisión de una función de seguridad. Un atacante podría aprovechar esta vulnerabilidad para acceder a información confidencial. • https://helpx.adobe.com/security/products/acrobat-android/apsb24-50.html • CWE-863: Incorrect Authorization •