CVE-2023-38232: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability identified as CVE-2023-38232. The vulnerability was discovered and reported to Adobe on June 7, 2023, and was publicly disclosed on August 14, 2023. This security flaw specifically affects Adobe Acrobat Reader DC's font parsing functionality (ZDI Advisory, Adobe Advisory).

The vulnerability is classified as an out-of-bounds read (CWE-125) that occurs during the parsing of embedded fonts. The issue stems from inadequate validation of user-supplied data, which can result in a read operation past the end of an allocated object. The vulnerability has received varying CVSS scores: Adobe Systems assigned it a base score of 5.5 (Medium) with vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, while Zero Day Initiative assessed it at 3.3 with vector AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (NVD, ZDI Advisory).

The exploitation of this vulnerability could lead to the disclosure of sensitive memory information. More significantly, attackers could potentially leverage this vulnerability to bypass security mitigations such as Address Space Layout Randomization (ASLR). When combined with other vulnerabilities, this could potentially enable arbitrary code execution in the context of the current process (NVD, ZDI Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Acrobat Reader installations to the latest version available through the official Adobe security advisory (Adobe Advisory).