cve-2020-24427
Vulnerability from cvelistv5
Published
2020-11-05 19:31
Modified
2024-09-16 22:25
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
Acrobat Reader DC Codec Input Validation Vulnerability Could Lead to Information Disclosure
References
psirt@adobe.comhttps://helpx.adobe.com/security/products/acrobat/apsb20-67.htmlVendor Advisory
Impacted products
AdobeAcrobat Reader
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:12:08.763Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-67.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Acrobat Reader",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2017.011.30175",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2020.012.20048",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2020.001.30005",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "None",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation (CWE-20)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-05T19:31:11",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-67.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Acrobat Reader DC Codec Input Validation Vulnerability Could Lead to Information Disclosure",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "DATE_PUBLIC": "2020-11-03T23:00:00.000Z",
          "ID": "CVE-2020-24427",
          "STATE": "PUBLIC",
          "TITLE": "Acrobat Reader DC Codec Input Validation Vulnerability Could Lead to Information Disclosure"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Acrobat Reader",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2017.011.30175"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2020.012.20048"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2020.001.30005"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "None"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "availabilityImpact": "None",
            "baseScore": 3.3,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "userInteraction": "Required",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Input Validation (CWE-20)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/acrobat/apsb20-67.html",
              "refsource": "MISC",
              "url": "https://helpx.adobe.com/security/products/acrobat/apsb20-67.html"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2020-24427",
    "datePublished": "2020-11-05T19:31:11.362146Z",
    "dateReserved": "2020-08-19T00:00:00",
    "dateUpdated": "2024-09-16T22:25:56.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-24427\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2020-11-05T20:15:15.927\",\"lastModified\":\"2021-09-08T17:22:52.910\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\"},{\"lang\":\"es\",\"value\":\"Acrobat Reader versiones 2020.012.20048 (y anteriores), 2020.001.30005 (y anteriores) y 2017.011.30175 (y anteriores) est\u00e1n afectadas por una vulnerabilidad de comprobaci\u00f3n de entrada al decodificar un c\u00f3dec dise\u00f1ado que podr\u00eda resultar en una divulgaci\u00f3n de memoria confidencial.\u0026#xa0;Un atacante podr\u00eda aprovechar esta vulnerabilidad para omitir mitigaciones como ASLR.\u0026#xa0;Una explotaci\u00f3n de este problema requiere una interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4},{\"source\":\"psirt@adobe.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"psirt@adobe.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*\",\"versionEndIncluding\":\"20.001.30005\",\"matchCriteriaId\":\"FFF9FEEB-BA17-484C-BC81-A19A5363F06F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*\",\"versionEndIncluding\":\"17.011.30175\",\"matchCriteriaId\":\"F942D471-C285-496A-908B-45E5BCC66B50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*\",\"versionEndIncluding\":\"20.012.20048\",\"matchCriteriaId\":\"5D8BEE5A-4D08-4EC1-8126-5ADDF8E315BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*\",\"versionEndIncluding\":\"20.001.30005\",\"matchCriteriaId\":\"35912D0F-9492-47B3-A1B8-6D88115FF599\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*\",\"versionEndIncluding\":\"17.011.30175\",\"matchCriteriaId\":\"FF5AF6C5-A98F-4A45-A757-E652B7A1F5AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*\",\"versionEndIncluding\":\"20.012.20048\",\"matchCriteriaId\":\"FD0E32F7-E377-41D5-A10C-5EB041FD02D4\"}]}]}],\"references\":[{\"url\":\"https://helpx.adobe.com/security/products/acrobat/apsb20-67.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.