CVE-2024-20721 MEDIUM

CVE-2024-20721: T5 Acrobat JS vulnerability - Exploitable crash via t5::javascript::get_page_num_words

Vendor Adobe

Product Acrobat for Edge

Weakness CWE-20 · Input validation

Published January 15, 2024

Last update June 3, 2025

View on NVD All CVEs

CVSS base score

5.5/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

Description

Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Key dates

Disclosure timeline

January 15, 2024 CVE published

June 3, 2025 Record updated