ByteOS Network

NVD Vulnerability Details :

CVE-2023-26369

Analyzed

Source-psirt@adobe.com

View Known Exploited Vulnerability (KEV) details

Published At-13 Sep, 2023 | 09:15

Updated At-23 Oct, 2025 | 14:51

Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CISA Catalog

Date Added	Due Date	Vulnerability Name	Required Action
2023-09-14	2023-10-05	Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability	Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-09-14

Due Date: 2023-10-05

Vulnerability Name: Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability

Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CPE Matches

Adobe Inc.

>>acrobat>>Versions from 20.001.3005(inclusive) to 20.005.30524(exclusive)

cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*

Adobe Inc.

>>acrobat_dc>>Versions from 15.007.20033(inclusive) to 23.006.20320(exclusive)

cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*

Adobe Inc.

>>acrobat_reader>>Versions from 20.001.3005(inclusive) to 20.005.30524(exclusive)

cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*

Adobe Inc.

>>acrobat_reader_dc>>Versions from 15.007.20033(inclusive) to 23.006.20320(exclusive)

cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*

Apple Inc.

>>macos>>-

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows>>-

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-787	Secondary	psirt@adobe.com

CWE ID: CWE-787

Type: Secondary

Source: psirt@adobe.com

References

Hyperlink	Source	Resource
https://helpx.adobe.com/security/products/acrobat/apsb23-34.html	psirt@adobe.com	Vendor Advisory
https://helpx.adobe.com/security/products/acrobat/apsb23-34.html	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-26369	134c704f-9b21-4f2e-91b3-4a467353bcc0	Third Party Advisory US Government Resource

Hyperlink: https://helpx.adobe.com/security/products/acrobat/apsb23-34.html

Source: psirt@adobe.com

Resource:

Vendor Advisory

Hyperlink: https://helpx.adobe.com/security/products/acrobat/apsb23-34.html

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-26369

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource:

Third Party Advisory

US Government Resource

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History