CVE-2023-21606: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier), and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability. The vulnerability was discovered and reported to Adobe on October 28, 2022, and was publicly disclosed on January 18, 2023. This security flaw specifically affects the processing of embedded fonts in PDF documents (ZDI Advisory, NVD Database).

The vulnerability is classified as an out-of-bounds write (CWE-787) issue that occurs during font parsing in Adobe Acrobat Reader DC. The specific flaw exists within the processing of embedded fonts, where crafted data in a font can trigger a write past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI Advisory).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. An attacker can leverage this vulnerability to execute code in the context of the current process, potentially gaining control over the affected system (NVD Database).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Acrobat Reader installations to the latest version that includes the security fix (Adobe Advisory).