CVE-2024-30302

5.5 MEDIUM

📋 TL;DR

CVE-2024-30302 is a use-after-free vulnerability in Adobe Acrobat Reader that could allow an attacker to read sensitive memory contents and bypass ASLR protections. It affects Acrobat Reader versions 20.005.30539 and earlier, and 23.008.20470 and earlier. Exploitation requires the victim to open a malicious PDF file.

💻 Affected Systems

Products:
  • Adobe Acrobat Reader DC
  • Adobe Acrobat Reader
Versions: 20.005.30539 and earlier, 23.008.20470 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. Requires user interaction to open malicious PDF.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could bypass ASLR and combine this with other vulnerabilities to achieve remote code execution, potentially compromising the entire system.

🟠 Likely Case

Information disclosure allowing attackers to read sensitive memory contents, which could be used to facilitate more sophisticated attacks.

🟢 If Mitigated

Limited to information disclosure only, with no direct code execution if proper memory protections are in place.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file) but PDFs are commonly shared via email and web.
🏢 Internal Only: MEDIUM - Same exploitation requirements apply internally; risk depends on user behavior and file sharing practices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious PDF). The vulnerability bypasses ASLR but additional vulnerabilities would be needed for full exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 20.005.30554 or 23.008.20476 and later

Vendor Advisory: https://helpx.adobe.com/security/products/acrobat/apsb24-07.html

Restart Required: Yes

Instructions:

1. Open Adobe Acrobat Reader.
2. Go to Help > Check for Updates.
3. Follow the prompts to install available updates.
4. Restart the application.

🔧 Temporary Workarounds

Disable JavaScript in PDFs (applies to: all)

Prevents JavaScript execution in PDF files, which may be used in exploitation chains.

Edit > Preferences > JavaScript > Uncheck 'Enable Acrobat JavaScript'

Use Protected View (applies to: all)

Open untrusted PDFs in Protected View mode to limit potential damage.

File > Properties > Security > Enable Protected View for untrusted files

🧯 If You Can't Patch

  • Restrict PDF file opening to trusted sources only
  • Implement application whitelisting to prevent unauthorized PDF readers

🔍 How to Verify

Check if Vulnerable:

Check Help > About Adobe Acrobat Reader DC. If version is 20.005.30539 or earlier, or 23.008.20470 or earlier, you are vulnerable.

Check Version:

On Windows: wmic product where "name like 'Adobe Acrobat Reader%'" get version

Verify Fix Applied:

Verify version is 20.005.30554 or later, or 23.008.20476 or later after applying updates.
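The version check above is easy to get wrong by hand, because Acrobat Reader ships two parallel release tracks (20.x and 23.x) and a plain string comparison of version numbers mis-orders them. The following script is an added example, not part of this page or of any Adobe tooling: it parses the output of the `wmic` command shown above (a constructed sample is embedded) and classifies each installed version against the vulnerable and fixed versions stated on this page. The `TRACKS` table, the function names and the sample output are assumptions made for the example.

```python
"""Classify installed Acrobat Reader versions against CVE-2024-30302.

Added example (not vendor code). Thresholds are taken from the advisory text
on this page: vulnerable up to 20.005.30539 / 23.008.20470, fixed from
20.005.30554 / 23.008.20476.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Per release track: (last vulnerable version, first fixed version).
# Assumed layout for this example; values come from the advisory text.
TRACKS: Dict[int, Tuple[Version, Version]] = {
    20: ((20, 5, 30539), (20, 5, 30554)),
    23: ((23, 8, 20470), (23, 8, 20476)),
}


def parse_version(text: str) -> Version:
    """Turn '23.008.20470' into (23, 8, 20470) so fields compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Acrobat version string: {text!r}")
    major, minor, build = (int(p) for p in parts)
    return (major, minor, build)


def assess(version_text: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unknown' for one version string.

    'unknown' covers tracks the advisory does not mention and versions that
    fall between the last vulnerable and first fixed build; those need
    manual review rather than a silent pass.
    """
    version = parse_version(version_text)
    track: Optional[Tuple[Version, Version]] = TRACKS.get(version[0])
    if track is None:
        return "unknown"
    last_vulnerable, first_fixed = track
    if version <= last_vulnerable:
        return "vulnerable"
    if version >= first_fixed:
        return "fixed"
    return "unknown"


def parse_wmic_output(text: str) -> List[str]:
    """Extract version values from `wmic ... get version` output.

    wmic prints a 'Version' header line followed by one value per matching
    product and pads columns with trailing spaces, so each line is stripped.
    """
    versions: List[str] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.lower() == "version":
            continue
        versions.append(line)
    return versions


def assess_wmic_output(text: str) -> Dict[str, str]:
    """Map each installed version found in wmic output to its assessment."""
    return {v: assess(v) for v in parse_wmic_output(text)}


# Constructed sample of what the page's wmic command prints on a host that
# still runs the last vulnerable 23.x build.
SAMPLE_WMIC_OUTPUT = """Version
23.008.20470
"""

if __name__ == "__main__":
    for installed, verdict in assess_wmic_output(SAMPLE_WMIC_OUTPUT).items():
        print(f"{installed}: {verdict}")
```

Comparing the parsed integer tuples rather than the raw strings is the point: as strings, "20.005.30554" sorts below "23.008.20470" even though the former is a fixed build and the latter is not, and a lexical check would also misjudge any build number that gains a digit. Anything that comes back `unknown` should be checked against the vendor advisory by hand.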

📡 Detection & Monitoring

Log Indicators:

  • Application crashes in Acrobat Reader
  • Unusual memory access patterns in system logs

Network Indicators:

  • PDF downloads from suspicious sources
  • Unexpected outbound connections after PDF opening

SIEM Query:

source="*acrobat*" AND (event_type="crash" OR event_type="exception")
