PatchSiren cyber security CVE debrief
CVE-2020-9713 Adobe CVE debrief
CVE-2020-9713 is an out-of-bounds read vulnerability in Adobe Acrobat and Reader that could lead to disclosure of sensitive memory. The vulnerability affects various versions of Adobe Acrobat and Reader, including 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier. An attacker could leverage this vulnerability to disclose sensitive information, requiring user interaction to open a malicious file. The CVSS score for this vulnerability is 5.5, with a severity rating of MEDIUM. Adobe has released a vendor advisory (APSB20-48) to address this issue.
- Vendor
- Adobe
- Product
- Acrobat Reader
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-23
- Original CVE updated
- 2026-06-26
- Advisory published
- 2026-06-23
- Advisory updated
- 2026-06-26
Who should care
Organizations and individuals using Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier should be aware of this vulnerability and take necessary precautions. This includes applying patches or updates provided by Adobe and exercising caution when opening files from unknown sources.
Technical summary
The CVE-2020-9713 vulnerability is an out-of-bounds read issue in Adobe Acrobat and Reader. This type of vulnerability occurs when a program reads data from a memory location outside the bounds of an allocated buffer. In this case, an attacker could craft a malicious file that, when opened, would trigger the out-of-bounds read, potentially disclosing sensitive memory contents. The vulnerability requires user interaction, as the victim must open the malicious file. The CVSS vector for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating a local attack vector with low attack complexity and no privileges required.
Defensive priority
Apply patches or updates provided by Adobe to vulnerable versions of Acrobat and Reader. Exercise caution when opening files from unknown sources, and consider implementing security controls to detect and prevent the distribution of malicious files.
Recommended defensive actions
- Apply patches or updates provided by Adobe to vulnerable versions of Acrobat and Reader.
- Exercise caution when opening files from unknown sources.
- Implement security controls to detect and prevent the distribution of malicious files.
- Monitor systems for suspicious activity related to Adobe Acrobat and Reader.
- Consider implementing compensating controls, such as restricting access to sensitive data or using alternative software.
Evidence notes
The CVE-2020-9713 vulnerability is documented in the official CVE record and the NVD detail page. Adobe has released a vendor advisory (APSB20-48) to address this issue. The vulnerability affects various versions of Adobe Acrobat and Reader, and an attacker could leverage it to disclose sensitive information.
Official resources
-
CVE-2020-9713 CVE record
CVE.org
-
CVE-2020-9713 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
This article is AI-assisted and based on the supplied source corpus.