CVE-2020-24438

LOW

Acrobat Reader DC <2020.012.20048, 2020.001.30005, 2017.011.30175 -...

Title source: llm
STIX 2.1

Description

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-20-1357/

Scores

CVSS v3 3.3
EPSS 0.0384
EPSS Percentile 88.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

CWE
CWE-416
Status published
Products (6)
adobe/acrobat < 20.001.30005
adobe/acrobat_dc < 17.011.30175
adobe/acrobat_dc < 20.012.20048
adobe/acrobat_reader < 20.001.30005
adobe/acrobat_reader_dc < 17.011.30175
adobe/acrobat_reader_dc < 20.012.20048
Published Nov 05, 2020
Tracked Since Feb 18, 2026