CVE-2023-44340: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability identified as CVE-2023-44340. The vulnerability was discovered and reported on September 28, 2023, affecting both Windows and MacOS operating systems. This security flaw could potentially lead to the disclosure of sensitive memory information (NVD, CVE Mitre).

The vulnerability is classified as an out-of-bounds read issue (CWE-125) that occurs when the software handles a maliciously crafted PDF file. The severity is rated as MEDIUM with a CVSS v3.1 base score of 5.5 (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). The vulnerability requires local access and user interaction for successful exploitation (NVD, FortiGuard).

If successfully exploited, this vulnerability could lead to the disclosure of sensitive memory information and potentially allow attackers to bypass security mitigations such as Address Space Layout Randomization (ASLR). The impact is primarily focused on confidentiality, with no direct effect on integrity or availability of the system (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to apply the most recent upgrade or patch from the vendor. For Adobe Acrobat Reader DC Classic, users should update to versions newer than 20.005.30524, and for the continuous track, versions newer than 23.006.20360 (FortiGuard).