CVE-2023-26425: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file. The vulnerability was disclosed on April 12, 2023, and affects both the continuous and classic versions of Adobe Acrobat and Acrobat Reader DC (NVD, ZDI Advisory).

The vulnerability (CVE-2023-26425) is classified as an out-of-bounds read vulnerability (CWE-125) that occurs within the handling of Annotation objects. The flaw can be triggered by performing specific actions in JavaScript, which can cause a read past the end of an allocated memory structure. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD, ZDI Advisory).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. The impact could result in complete compromise of the affected system, potentially leading to unauthorized access to sensitive information, system modifications, or further system exploitation (ZDI Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Acrobat and Reader DC to mitigate this security risk (Adobe Advisory).