Adobe addressed multiple code execution vulnerabilities in its products, including Adobe Acrobat and Reader software
The software giant released its Patch Tuesday updates to fix 35 security vulnerabilities 12 of these issues impact software.
The arbitrary code execution issues fixed by the company includes Use After Free, Improper Input Validation, and Improper Access Control.
Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVE Number | |
Use After Free () | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2024-30284 |
Out-of-bounds Write () | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2024-30310 |
Use After Free () | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2024-34094 |
Use After Free () | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2024-34095 |
Use After Free () | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2024-34096 |
Use After Free () | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2024-34097 |
Improper Input Validation (CWE-20) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2024-34098 |
Improper Access Control (CWE-284) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2024-34099 |
Use After Free () | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2024-34100 |
Out-of-bounds Read () | Memory leak | Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | CVE-2024-30311 |
Out-of-bounds Read () | Memory leak | Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | CVE-2024-30312 |
Out-of-bounds Read (CWE-125) | Memory leak | Moderate | 3.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | CVE-2024-34101 |
The vulnerabilities were reported by the following experts and research team:
Adobe PSIRT is not aware of attacks in the wild exploiting the above vulnerabilities.
The vulnerabilities impact versions: 24.002.20736 and earlier, and 20.005.30574 and earlier for Windows and macOS operating systems.
Adobe also fixed issues in Adobe Illustrator (, Adobe Aero (), Adobe Dreamweaver (), Adobe Substance 3D Painter (), Adobe Substance 3D Designer (), Adobe Animate (, Adobe FrameMaker ().
Follow me on Twitter: and and Mastodon
(SecurityAffairs – hacking, Acrobat)