CVE-2023-44338: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

CVE-2023-44338 is an out-of-bounds read vulnerability affecting Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) for both Windows and macOS platforms. The vulnerability was disclosed on November 14, 2023, and involves a flaw in parsing crafted PDF files that could result in a read past the end of an allocated memory structure (NVD, ZDI).

The vulnerability exists within the handling of Annotation objects in Adobe Acrobat Reader. The issue stems from improper validation of user-supplied data, which can result in an out-of-bounds read of allocated memory. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-125 (Out-of-bounds Read) (ZDI, NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user, potentially leading to unauthorized access to sensitive information. The attack requires user interaction, specifically opening a malicious PDF file (Fortiguard, NVD).

Adobe has released security updates to address this vulnerability. Users are advised to apply the most recent upgrade or patch available from Adobe to protect against potential exploitation (Fortiguard).