Description
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-23
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Adobe Acrobat and Reader contain an out-of-bounds read flaw that allows a malicious document to read memory beyond the intended buffer, exposing sensitive information. The vulnerability is triggered when a user opens a crafted file; it does not lead to code execution or denial of service, but it can leak private data that the victim's system holds at runtime. The weakness is an out-of-bounds read (CWE-125).

Affected Systems

Affected versions include Adobe Acrobat and Reader 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier. All releases within the Adobe:Acrobat Reader product line that fall into these version ranges are impacted.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the vulnerability is not listed in CISA’s KEV catalog. The EPSS score is unavailable, suggesting limited known exploitation activity. Exploitation requires the victim to open a malicious PDF, making the attack dependent on social engineering or compromised environments. The main risk is a confidentiality breach through memory disclosure rather than active compromise.

Generated by OpenCVE AI on June 24, 2026 at 10:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Adobe Acrobat and Reader to the latest version that removes the out‑of‑bounds read flaw, ensuring the installed release is newer than the vulnerable versions listed above.
  • If a timely upgrade is not possible, remove or disable the affected Acrobat Reader binaries from the system.
  • Configure the environment to block or quarantine opening of PDF files from untrusted sources, and consider disabling JavaScript or scripting features within the reader to reduce the chance of data exposure.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 22:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Adobe; Adobe acrobat Reader |
| Vendors & Products | | Adobe; Adobe acrobat Reader |

Tue, 23 Jun 2026 19:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Tue, 23 Jun 2026 18:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Title | | Acrobat Reader \| Out-of-bounds Read (CWE-125) |
| Weaknesses | | CWE-125 |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'} |

MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-23T18:29:20.378Z

Reserved: 2020-03-02T00:00:00.000Z

Link: CVE-2020-9713

Vulnrichment

Updated: 2026-06-23T18:29:10.055Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T10:30:14Z

Weaknesses