CVE-2023-38230: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. The vulnerability was discovered and reported to Adobe on June 1, 2023, and was publicly disclosed on August 14, 2023. This security flaw affects both Adobe Acrobat and Adobe Reader applications across multiple versions (NVD, ZDI Advisory).

The vulnerability (CVE-2023-38230) is classified as a Use-After-Free (CWE-416) vulnerability that specifically occurs during the parsing of embedded fonts. The issue stems from the lack of validation of an object's existence before performing operations on it. The vulnerability has received a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating local access is required with user interaction (NVD).

If successfully exploited, this vulnerability could lead to the disclosure of sensitive memory information. More significantly, attackers could potentially leverage this vulnerability to bypass security mitigations such as Address Space Layout Randomization (ASLR). The impact is particularly concerning as it could be used in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (NVD, ZDI Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Acrobat and Reader installations to the latest versions that include the security fix (Adobe Advisory).