CVE-2023-21614: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. The vulnerability was discovered and reported on October 28, 2022, and was publicly disclosed on January 18, 2023 (ZDI Advisory).

The vulnerability (CVE-2023-21614) is an out-of-bounds read flaw that exists within the processing of embedded fonts in Adobe Acrobat Reader DC. When processing crafted data in a font, it can trigger a read past the end of an allocated buffer. The vulnerability has been assigned a CVSS score of 3.3 with vector AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (ZDI Advisory).

If exploited, this vulnerability could lead to the disclosure of sensitive memory information. An attacker could leverage this vulnerability to bypass security mitigations such as ASLR (Address Space Layout Randomization). The vulnerability could potentially be used in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (CVE Mitre).

Adobe has issued an update to correct this vulnerability. Users should update to the latest version of Adobe Acrobat Reader to protect against this vulnerability (ZDI Advisory).