Adobe Acrobat Reader
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*
- <= 24.001.30225
- <= 20.005.30748
- <= 25.001.20428
An uninitialized pointer access vulnerability has been identified in Adobe Acrobat Reader. It affects versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier. The vulnerability arises in the font handling functionality, specifically in the handling of the OpenType font format. When a user opens a malicious PDF file containing a specially crafted font, the uninitialized pointer access can lead to memory corruption and potentially allow arbitrary code execution in the context of the user.
Exploitation of this vulnerability can cause a memory corruption error that leads to a crash, and the uninitialized memory access can also be manipulated to execute arbitrary code.
The vulnerability can be reproduced by opening a PDF file in Adobe Acrobat Reader that contains a maliciously crafted font file. This font file must be designed to exploit the uninitialized pointer vulnerability in the application's font handling process.
Users are advised to update to the latest version of Adobe Acrobat Reader. The vendor has released a patch for this vulnerability.