CVE-2023-21581: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier), and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability identified as CVE-2023-21581. The vulnerability was disclosed on January 18, 2023, and affects both Windows and macOS operating systems (NVD Database).

The vulnerability is classified as an out-of-bounds read vulnerability (CWE-125) that specifically occurs within the handling of embedded fonts. When processing crafted data in a font, it can trigger a read past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (NVD Database, ZDI Advisory).

The vulnerability could lead to disclosure of sensitive memory information and potentially allow attackers to bypass security mitigations such as ASLR. An attacker could leverage this vulnerability in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (NVD Database, ZDI Advisory).

Adobe has released security updates to address this vulnerability through the security bulletin APSB23-01. Users are advised to update to the latest version of Adobe Acrobat Reader to mitigate this vulnerability (Adobe Advisory).