CVE-2023-38239: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability. The vulnerability was discovered and reported on May 26, 2023, and was publicly disclosed on August 14, 2023. This security flaw specifically affects Adobe Acrobat Reader DC and its font parsing functionality (ZDI Advisory, Adobe Advisory).

The vulnerability is classified as an out-of-bounds read (CWE-125) that occurs within the parsing of embedded fonts. The issue stems from inadequate validation of user-supplied data, which can result in a read past the end of an allocated object. The vulnerability has been assigned a CVSS 3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (NVD).

This vulnerability could lead to the disclosure of sensitive memory information. More critically, attackers could potentially leverage this vulnerability to bypass security mitigations such as Address Space Layout Randomization (ASLR). The impact is primarily focused on confidentiality, with no direct effect on integrity or availability (CVE Details).

Adobe has released security updates to address this vulnerability. Users should update their Adobe Acrobat Reader installations to versions newer than 23.003.20244 for the continuous track or 20.005.30467 for the classic track (Adobe Advisory).