CVE-2023-38229: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability identified as CVE-2023-38229. The vulnerability was initially reported on June 1, 2023, and was publicly disclosed on August 14, 2023. This security flaw affects both Adobe Acrobat and Acrobat Reader DC products across Windows and macOS platforms (NVD, ZDI).

The vulnerability is classified as an out-of-bounds read (CWE-125) that occurs during the parsing of embedded fonts. The issue stems from inadequate validation of user-supplied data, which can result in a read past the end of an allocated object. The vulnerability has received a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating its serious nature (NVD, ZDI).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The flaw could potentially be leveraged in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (NVD, ZDI).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Acrobat and Reader installations to the latest versions available through the official Adobe security bulletin (Adobe Advisory).