CVE-2023-38243: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. The vulnerability was discovered and reported on June 8, 2023, and publicly disclosed on August 8, 2023. This security flaw specifically affects Adobe Acrobat and Reader applications across both Windows and macOS platforms (Adobe Advisory, NVD).

The vulnerability is classified as a Use-After-Free (CWE-416) flaw that exists within the parsing of JBIG2 files. The issue stems from the lack of validating the existence of an object prior to performing operations on it. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating local access is required with user interaction (ZDI Advisory).

When exploited, this vulnerability could lead to the disclosure of sensitive memory information. An attacker could leverage this vulnerability to bypass security mitigations such as Address Space Layout Randomization (ASLR). The impact is particularly concerning as it could potentially be used in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Acrobat and Reader installations to the latest versions available through the official Adobe update channels (Adobe Advisory).