CVE-2024-49532

5.5 MEDIUM

📋 TL;DR

Adobe Acrobat Reader has an out-of-bounds read vulnerability. An attacker who gets a user to open a crafted PDF could read memory contents they should not have access to, which can disclose sensitive data and help bypass ASLR. The affected versions span both the Continuous and Classic release tracks.

💻 Affected Systems

Products:
  • Adobe Acrobat Reader DC
  • Adobe Acrobat Reader
Versions: 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable

📦 What is this software?

Adobe Acrobat Reader is Adobe's desktop PDF viewer for Windows and macOS. It ships on two release tracks, Continuous (the 24.x versions listed here) and Classic (the 20.x versions listed here), which is why two separate fixed versions are given below.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Memory disclosure leading to an ASLR bypass, enabling more severe follow-on attacks such as remote code execution
🟠 Likely Case: Information disclosure of memory contents, potentially revealing sensitive data or system information
🟢 If Mitigated: Limited impact with proper file handling policies and user awareness training

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files from internet sources
🏢 Internal Only: LOW - Internal users would need to open malicious files from compromised internal sources

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious file). An out-of-bounds read of this kind is typically one stage of a multi-stage attack, used to leak memory layout rather than to gain code execution on its own.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version 24.005.20308 or later for Continuous track, or 20.005.30731 or later for Classic track

Vendor Advisory: https://helpx.adobe.com/security/products/acrobat/apsb24-92.html

Restart Required: Yes

Instructions:
  • Open Adobe Acrobat Reader
  • Navigate to Help > Check for Updates
  • Follow the prompts to install available updates
  • Restart the application when prompted

🔧 Temporary Workarounds

Disable JavaScript in PDFs (applies to: all)
  • Prevents JavaScript execution, which could be used to trigger the vulnerability
  • Edit > Preferences > JavaScript > Uncheck 'Enable Acrobat JavaScript'

Use Protected View (applies to: all)
  • Open untrusted PDFs in Protected View mode
  • File > Open > Select 'Protected View' option

🧯 If You Can't Patch

  • Implement application whitelisting to block unauthorized PDF readers
  • Use network/web filtering to block PDF downloads from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check Help > About Adobe Acrobat Reader DC for version number

Check Version:

On Windows: wmic product where name="Adobe Acrobat Reader DC" get version

Verify Fix Applied:

Verify version is 24.005.20308 or higher (Continuous) or 20.005.30731 or higher (Classic)
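The version check above can be scripted across a fleet. The following PowerShell is an added example, not part of this advisory and not Adobe's code: it reads installed Acrobat products from the standard Windows Uninstall registry keys and compares DisplayVersion against the two fixed versions named on this page. The mapping of the 24.x line to the Continuous track and the 20.x line to the Classic track is an assumption inferred from the version numbers given above; any other major version is reported for manual review rather than guessed at.

```powershell
# Added example: compare installed Acrobat/Reader versions against the fixed builds
# named in this advisory. Not Adobe's code; registry paths are the standard Uninstall keys.
$FixedVersions = @{
    Continuous = [version]'24.005.20308'
    Classic    = [version]'20.005.30731'
}

function Get-AcrobatTrack {
    param([Parameter(Mandatory)][version]$Version)
    # Assumption: 24.x (and later) builds are Continuous, 20.x builds are Classic,
    # matching the version families listed on this page.
    if ($Version.Major -ge 24) { return 'Continuous' }
    if ($Version.Major -eq 20) { return 'Classic' }
    return 'Unknown'
}

function Test-AcrobatVersion {
    param([Parameter(Mandatory)][string]$VersionString)
    # [version] parses 'major.minor.build'; leading zeros in '005' are dropped (24.5.20307),
    # so numeric comparison with -ge works without string tricks.
    $v     = [version]$VersionString
    $track = Get-AcrobatTrack -Version $v
    if ($track -eq 'Unknown')              { $status = 'review manually' }
    elseif ($v -ge $FixedVersions[$track]) { $status = 'patched' }
    else                                   { $status = 'VULNERABLE' }
    [pscustomobject]@{ Version = $v; Track = $track; Status = $status }
}

# Installed products appear under one (or both) of these keys depending on bitness.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$results = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Adobe Acrobat*' -and $_.DisplayVersion } |
    ForEach-Object {
        $r = Test-AcrobatVersion -VersionString $_.DisplayVersion
        $r | Add-Member -NotePropertyName Product -NotePropertyValue $_.DisplayName -PassThru
    }

if (-not $results) { Write-Output 'No Adobe Acrobat product found in the Uninstall keys.' }
else { $results | Format-Table Product, Version, Track, Status -AutoSize }
```

Reading the Uninstall keys is preferable to the wmic command given above for two reasons: wmic is deprecated in current Windows releases, and `wmic product` enumerates the Win32_Product class, which is slow and triggers an MSI consistency check on every installed package. The registry read completes in well under a second and works over PowerShell remoting for bulk checks.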

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed PDF parsing attempts
  • Unexpected Acrobat Reader crashes with memory access errors

Network Indicators:

  • PDF downloads from suspicious sources
  • Unusual outbound connections after PDF opening

SIEM Query:

source="*acrobat*" AND (event_type="crash" OR error="memory")
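The SIEM query above is written in generic pseudo-syntax. As an added example, not part of this advisory and not Adobe's code, the PowerShell below implements the "unexpected Acrobat Reader crashes with memory access errors" indicator directly on a Windows host by reading Event ID 1000 (application crash) records from the Application log and keeping those where the faulting process is an Acrobat binary and the exception code is an access violation. The process names AcroRd32.exe and Acrobat.exe, the 7-day window and the threshold of three crashes per host are assumptions chosen for the example and should be tuned to the environment.

```powershell
# Added example: surface Acrobat/Reader crashes with access-violation exception codes from
# the Windows Application log. Not Adobe's code. Event ID 1000 from the 'Application Error'
# provider records application crashes; its message names the faulting process and exception code.
$AcrobatProcesses = @('AcroRd32.exe', 'Acrobat.exe')   # assumed Reader / Acrobat binary names
$AccessViolation  = '0xc0000005'                        # STATUS_ACCESS_VIOLATION

function Get-AcrobatCrashEvents {
    param([datetime]$Since = (Get-Date).AddDays(-7))    # assumed look-back window
    Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Application Error'
        Id           = 1000
        StartTime    = $Since
    } -ErrorAction SilentlyContinue |
    Where-Object {
        $msg = $_.Message
        # Keep crashes where an Acrobat process faulted with an access violation.
        ($AcrobatProcesses | Where-Object { $msg -match [regex]::Escape($_) }) -and
        ($msg -match $AccessViolation)
    } |
    ForEach-Object {
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Machine = $_.MachineName
            # First two message lines hold the faulting application name and version.
            Summary = (($_.Message -split "`r?`n")[0..1] -join ' ')
        }
    }
}

# Usage: list matching crashes, then flag hosts with repeated crashes, which is the
# "multiple failed attempts" pattern from the log indicators above.
$crashes = Get-AcrobatCrashEvents
$crashes | Format-Table Time, Machine, Summary -AutoSize
$crashes | Group-Object Machine | Where-Object { $_.Count -ge 3 } |
    ForEach-Object {
        Write-Warning ('{0}: {1} Acrobat crashes with access violations' -f $_.Name, $_.Count)
    }
```

A single access-violation crash in a PDF reader is common and not evidence of exploitation; the signal is in repetition on one host or across many hosts in a short window, and in correlation with the network indicators above (where the PDF came from, and whether the process made unusual outbound connections afterwards). Forwarding these events to the SIEM and keying the query on provider, event ID and faulting process name gives a concrete equivalent of the pseudo-query shown.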

🔗 References

  • Adobe Security Bulletin APSB24-92: https://helpx.adobe.com/security/products/acrobat/apsb24-92.html