CVE-2023-44357 : Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and e

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published 2023-11-16 10:15:13

Updated 2023-12-04 16:15:09

Source Adobe Systems Incorporated

View at NVD, CVE.org

Products affected by CVE-2023-44357

Adobe » Acrobat Reader » Classic Edition
Versions from including (>=) 20.001.30005 and before (<) 20.005.30539
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat » Classic Edition
Versions from including (>=) 20.001.30005 and up to, including, (<=) 20.005.30539
cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat Dc » Continuous Edition
Versions from including (>=) 15.008.20082 and before (<) 23.006.20380
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Acrobat Reader Dc » Continuous Edition
Versions from including (>=) 15.008.20082 and before (<) 23.006.20380
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
Matching versions
When used together with: Apple » Macos » Version: N/A
When used together with: Microsoft » Windows » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-44357

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 25 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-44357

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: None Availability: None
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N	1.8	3.6	Adobe Systems Incorporated
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: None Availability: None
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N	1.8	1.4	Adobe Systems Incorporated
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2023-44357

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: psirt@adobe.com (Primary)

References for CVE-2023-44357

https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm

404. Page not found.
Broken Link

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-44357

Products affected by CVE-2023-44357

Exploit prediction scoring system (EPSS) score for CVE-2023-44357

CVSS scores for CVE-2023-44357

CWE ids for CVE-2023-44357

References for CVE-2023-44357