CVE-2024-41869
ENISA EUVD: EUVD-2024-39246 ↗
✓ Confirmed 0-Day
Triaged: March 5, 2026
2 articles
Published: 2024-09-13
EPSS Score
Source: FIRST.org · 2026-05-23
0.92%
probability
This CVE has a 0.92% probability
of being exploited in the next 30 days.
0%
Top 76.2th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)7.8
HIGH
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
VulnerabilityLookup (CNA)Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Affected Products
Adobe
Acrobat Reader
0
Attack Intelligence
CWE-118
· Incorrect Access of Indexable Resource ('Range Error')
CWE-119
· Buffer Overflow
CWE-416
· Use After Free
CWE-664
· Improper Control of a Resource Through its Lifetime
CWE-666
· Operation on Resource in Wrong Phase of Lifetime
CWE-672
· Operation on a Resource after Expiration or Release
CWE-825
· Expired Pointer Dereference
https://helpx.adobe.com/security/products/acrobat/apsb24-70.html
vendor-advisory
Signal Intelligence
Confidence
85%
EPSS
0.92%
CVSS v3.1
7.8
Mentions
2
Last Seen
Sep 12, 2024
CNA Information
CNA Assigner
adobe
CNA Title
Acrobat Reader | Use After Free (CWE-416)
Analyst Note
BleepingComputer explicitly identifies CVE-2024-41869 as an Adobe Acrobat Reader zero-day with public PoC exploit available, indicating active exploitation. The 2024 CVE year combined with explicit zero-day designation and public exploit availability strongly supports confirmation of active exploitation coinciding with or preceding patch release.
Triage Info
Decided atMar 05, 2026
Published DateSep 13, 2024