CVE-2024-20730: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

An integer overflow vulnerability (CVE-2024-20730) was discovered in Adobe Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier. The vulnerability exists in the font file processing functionality, specifically in the handling of CPAL (Color Palette) tables in embedded OpenType fonts. This vulnerability was discovered by KPC of Cisco Talos and publicly disclosed on February 15, 2024 (Talos Report, Adobe Advisory).

The vulnerability occurs in the processing of CPAL (Color Palette) table within OpenType font files embedded in PDFs. The issue arises when calculating buffer sizes using the product of numPaletteEntries and numPalettes fields from the CPAL table header. When this calculation (4 * numPaletteEntries * numPalettes) exceeds 0xFFFFFFFF, it causes an integer overflow, resulting in a buffer allocation with an invalid size. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 HIGH (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) (Talos Report).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. The vulnerability allows attackers to write arbitrary data adjacent to heap memory, potentially leading to memory corruption and code execution. However, exploitation requires user interaction as the victim must open a malicious PDF file (Talos Report).

Adobe has released patches to address this vulnerability. Users should update to the latest version of Adobe Acrobat Reader. The fix was released as part of Adobe's security bulletin APSB24-07 (Adobe Advisory).