CVE Catalog

CVE-2020-9711

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

8th percentile — higher than 8% of all known CVEs

Summary

An out-of-bounds read vulnerability in Acrobat Reader that could lead to disclosure of sensitive memory. Exploitation requires user interaction to open a malicious file.

Risk Assessment

The risk involves potential leakage of confidential information from process memory, which could be used for further attacks on the organization.

Recommendation

Immediately update Adobe Acrobat Reader to the latest available version that includes a fix for this vulnerability.

Original NVD description (English source)

Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS