A vulnerability, which was classified as problematic, has been found in Adobe Acrobat Reader up to 2015.006.30518/2017.011.30166/2020.006.20042 (Document Reader Software). Affected by this issue is an unknown code block. The manipulation with an unknown input leads to a null pointer dereference vulnerability. Using CWE to declare the problem leads to CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. Impacted is availability. CVE summarizes:

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a null pointer vulnerability. Successful exploitation could lead to application denial-of-service.

The weakness was disclosed 05/12/2020 as APSB20-24 as confirmed security bulletin (Website). The advisory is available at helpx.adobe.com. This vulnerability is handled as CVE-2020-9610. The attack may be launched remotely. No form of authentication is required for exploitation. Successful exploitation requires user interaction by the victim. The technical details are unknown and an exploit is not available.

Upgrading to version 2015.006.30523, 2017.011.30171 or 2020.009.20063 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

zdnet.com is providing further details. The entries 155343, 155344, 155345 and 155346 are pretty similar.

Productinfo

Type

• Document Reader Software

Vendor

• Adobe

Name

• Acrobat Reader

Version

• 2015.006.30518
• 2017.011.30166
• 2020.006.20042

License

• free

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion