CVE-2020-24427 LOW

CVE-2020-24427: Acrobat Reader DC Codec Input Validation Vulnerability Could Lead to Information Disclosure

Vendor Adobe

Product Acrobat Reader

Weakness CWE-20 · Input validation

Published November 5, 2020

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

3.3/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Key dates

02Disclosure timeline

November 5, 2020 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-24427 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2020-24427

CWE CWE-20

CVSS 3.3 / LOW

Affected versions

Vendor Adobe

Product Acrobat Reader

Affected ≥ unspecified and ≤ 2017.011.30175

Vendor Adobe

Product Acrobat Reader

Affected ≥ unspecified and ≤ 2020.012.20048

Vendor Adobe

Product Acrobat Reader

Affected ≥ unspecified and ≤ 2020.001.30005

Vendor Adobe

Product Acrobat Reader

Affected ≥ unspecified and ≤ None

CVE-2020-24427: Acrobat Reader DC Codec Input Validation Vulnerability Could Lead to Information Disclosure

01Description

02Disclosure timeline

03References

04Related CVE