
Adobe Fixes 19 Critical Vulnerabilities Across 4 Products

10/08/2023
By Laura Libeer

Adobe has released a series of security updates for Adobe Acrobat and Reader, Commerce, Dimension, and XMP Toolkit. The updates address a total of 37 vulnerabilities that range in severity from moderate to critical. Successful exploitation of these vulnerabilities could lead to arbitrary code execution, application denial of service, privilege escalation, memory leaks, and more. We have added a new report to Lansweeper to help you locate vulnerable installations.

Affected Adobe Software and Fixed Versions

Adobe released updates for 4 of its products: Acrobat and Reader, Commerce, Dimension, and XMP Toolkit. We’ve broken down the updates by product below with an overview of the affected and fixed versions. A full list of the CVEs addressed, with their categories and CVSS scores, is at the end of this post.

Adobe Acrobat and Reader

The updates to Adobe Acrobat and Reader for Windows and macOS are the largest and address 30 vulnerabilities, 16 of which are critical. These vulnerabilities could lead to application denial of service, security feature bypass, memory leaks, and arbitrary code execution. Detailed update instructions can be found in Adobe’s bulletin.

| Product | Track | Affected version | Updated version |
|---|---|---|---|
| Acrobat DC | Continuous | 23.003.20244 and earlier versions | 23.003.20269 |
| Acrobat Reader DC | Continuous | 23.003.20244 and earlier versions | 23.003.20269 |
| Acrobat 2020 | Classic 2020 | 20.005.30467 and earlier versions | 20.005.30516.10516 for Mac; 20.005.30514.10514 for Windows |
| Acrobat Reader 2020 | Classic 2020 | 20.005.30467 and earlier versions | 20.005.30516.10516 for Mac; 20.005.30514.10514 for Windows |

Based on this list of affected products and versions shared by Adobe, we have created a special Lansweeper report that will provide a list of all installations in your environment that could be affected by these vulnerabilities.

Adobe Commerce

Three vulnerabilities were patched in Adobe Commerce and Magento Open Source for all platforms, one of which is critical. Successful exploitation of these issues could lead to arbitrary code execution, privilege escalation, and arbitrary file system read. Please note that in the table below, the versions marked with an * are available to customers in the extended support program.

| Product | Affected version | Updated version | Installation instructions |
|---|---|---|---|
| Adobe Commerce | 2.4.6-p1 and earlier | 2.4.6-p2 for 2.4.6 and earlier | 2.4.x release notes |
| Adobe Commerce | 2.4.5-p3 and earlier | 2.4.5-p4 for 2.4.5-p3 and earlier | 2.4.x release notes |
| Adobe Commerce | 2.4.4-p4 and earlier | 2.4.4-p5 for 2.4.4-p3 and earlier | 2.4.x release notes |
| Adobe Commerce | 2.4.3-ext-3 and earlier* | 2.4.3-ext-4 for 2.4.3-ext-2 and earlier* | 2.4.x release notes |
| Adobe Commerce | 2.4.2-ext-3 and earlier* | 2.4.2-ext-4 for 2.4.2-ext-2 and earlier* | 2.4.x release notes |
| Adobe Commerce | 2.4.1-ext-3 and earlier* | 2.4.1-ext-4 for 2.4.1-ext-2 and earlier* | 2.4.x release notes |
| Adobe Commerce | 2.4.0-ext-3 and earlier* | 2.4.0-ext-4 for 2.4.0-ext-2 and earlier* | 2.4.x release notes |
| Adobe Commerce | 2.3.7-p4-ext-3 and earlier* | 2.3.7-p4-ext-4 for 2.3.7-p4-ext-2 and earlier* | 2.4.x release notes |
| Magento Open Source | 2.4.6-p1 and earlier | 2.4.6-p2 for 2.4.6 and earlier | |
| Magento Open Source | 2.4.5-p3 and earlier | 2.4.5-p4 for 2.4.5-p3 and earlier | |
| Magento Open Source | 2.4.4-p4 and earlier | 2.4.4-p5 for 2.4.4-p3 and earlier | |

Adobe Dimension

In Adobe Dimension for Windows and macOS, 3 vulnerabilities were fixed, including 2 critical ones. Adobe recommends that users update their installation to the newest version via the Creative Cloud desktop app’s update mechanism. You can find more information on Adobe’s help page.

| Product | Affected version | Updated version | Availability |
|---|---|---|---|
| Adobe Dimension | 3.4.9 and earlier versions | 3.4.10 | Download center |

Adobe XMP Toolkit SDK

One further vulnerability, rated important, was fixed in Adobe XMP Toolkit SDK for all platforms. Exploitation could lead to application denial of service. Adobe recommends that you update your installation to the newest version.

| Product | Affected version | Updated version | Availability |
|---|---|---|---|
| Adobe XMP-Toolkit-SDK | 2022.06 and earlier versions | 2023.07 | Release notes |

Discover Vulnerable Adobe Installations

Just like we did for the Adobe Acrobat and Reader vulnerabilities above, you can use Lansweeper to discover any installs of the vulnerable Adobe products and versions in your network. This gives you an actionable list of devices and software that might require a patch.
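As an added illustration of the same check (this is not part of the original post and not the logic of Lansweeper's report), the Python script below encodes the affected ranges from the Acrobat and Commerce tables above and flags inventory rows that fall inside them. The host names and inventory rows are constructed sample data. Versions are compared as numeric tuples rather than as strings, so "23.003.20269" correctly sorts after "23.003.20244", and the Commerce parser understands the "-pN" and "-ext-N" suffixes; a version on a release line the tables do not mention returns None rather than a false "not affected".

```python
"""Flag installed Adobe builds that fall inside the affected version ranges."""
import re
from typing import Optional

# Affected ranges as published in the Adobe bulletins summarised above:
# key = release line the rule applies to, value = highest affected version.
# A version is affected when it belongs to that line and is <= the ceiling.
ACROBAT_RULES = {
    "23": "23.003.20244",  # Continuous track (Acrobat DC, Acrobat Reader DC)
    "20": "20.005.30467",  # Classic 2020 track (Acrobat 2020, Reader 2020)
}
COMMERCE_RULES = {
    "2.4.6": "2.4.6-p1",
    "2.4.5": "2.4.5-p3",
    "2.4.4": "2.4.4-p4",
    "2.4.3": "2.4.3-ext-3",      # extended-support lines (* in the table)
    "2.4.2": "2.4.2-ext-3",
    "2.4.1": "2.4.1-ext-3",
    "2.4.0": "2.4.0-ext-3",
    "2.3.7": "2.3.7-p4-ext-3",
}
# Magento Open Source is only listed for the three current 2.4 lines.
MAGENTO_RULES = {k: COMMERCE_RULES[k] for k in ("2.4.6", "2.4.5", "2.4.4")}


def acrobat_key(version: str) -> tuple:
    """'23.003.20244' -> (23, 3, 20244); extra build parts are kept."""
    return tuple(int(part) for part in version.split("."))


_COMMERCE_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?(?:-ext-(\d+))?$")


def commerce_key(version: str) -> tuple:
    """'2.3.7-p4-ext-3' -> (2, 3, 7, 4, 3); a bare '2.4.6' -> (2, 4, 6, 0, 0)."""
    match = _COMMERCE_RE.match(version)
    if not match:
        raise ValueError(f"unrecognised Commerce version: {version!r}")
    major, minor, patch, p, ext = match.groups()
    return (int(major), int(minor), int(patch), int(p or 0), int(ext or 0))


def acrobat_affected(version: str) -> Optional[bool]:
    """True if inside the affected range, False if at/after the fix, None if the track is unknown."""
    ceiling = ACROBAT_RULES.get(version.split(".")[0])
    if ceiling is None:
        return None
    return acrobat_key(version) <= acrobat_key(ceiling)


def commerce_affected(version: str, rules=COMMERCE_RULES) -> Optional[bool]:
    """Same verdicts for Commerce/Magento; the release line is the x.y.z prefix."""
    line = version.split("-")[0]
    ceiling = rules.get(line)
    if ceiling is None:
        return None
    return commerce_key(version) <= commerce_key(ceiling)


# Constructed sample inventory rows (host, product, version); not real hosts.
SAMPLE_INVENTORY = [
    ("host-01", "Adobe Acrobat DC", "23.003.20244"),
    ("host-02", "Adobe Acrobat Reader DC", "23.003.20269"),
    ("host-03", "Adobe Acrobat 2020", "20.005.30467"),
    ("host-04", "Adobe Acrobat Reader 2020", "20.005.30514.10514"),
    ("web-01", "Adobe Commerce", "2.4.6"),
    ("web-02", "Magento Open Source", "2.4.5-p4"),
    ("web-03", "Adobe Commerce", "2.3.7-p4-ext-3"),
]


def find_affected(inventory):
    """Return the (host, product, version) rows whose version is still affected."""
    hits = []
    for host, product, version in inventory:
        if "Acrobat" in product:
            verdict = acrobat_affected(version)
        elif product == "Adobe Commerce":
            verdict = commerce_affected(version, COMMERCE_RULES)
        elif product == "Magento Open Source":
            verdict = commerce_affected(version, MAGENTO_RULES)
        else:
            verdict = None  # product not covered by this bulletin set
        if verdict:
            hits.append((host, product, version))
    return hits


if __name__ == "__main__":
    for row in find_affected(SAMPLE_INVENTORY):
        print("AFFECTED:", *row)
```

Run against a real inventory export, the rows this returns are the installs to prioritise; rows that come back None (an unlisted release line or an unknown product) should be reviewed by hand rather than treated as patched.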

Adobe Security Update August 2023 CVE Codes & Categories

| CVE number | Vulnerability category | CVSS base score |
|---|---|---|
| CVE-2023-29320 | Improper Access Control | 8.6 |
| CVE-2023-29299 | Improper Input Validation | 5.6 |
| CVE-2023-29303 | Use After Free | 5.5 |
| CVE-2023-38222 | Use After Free | 7.8 |
| CVE-2023-38223 | Access of Uninitialized Pointer | 7.8 |
| CVE-2023-38224 | Use After Free | 7.8 |
| CVE-2023-38225 | Use After Free | 7.8 |
| CVE-2023-38226 | Access of Uninitialized Pointer | 7.8 |
| CVE-2023-38227 | Use After Free | 7.8 |
| CVE-2023-38228 | Use After Free | 7.8 |
| CVE-2023-38229 | Out-of-bounds Read | 7.8 |
| CVE-2023-38230 | Use After Free | 7.8 |
| CVE-2023-38231 | Out-of-bounds Write | 7.8 |
| CVE-2023-38232 | Out-of-bounds Read | 7.8 |
| CVE-2023-38233 | Out-of-bounds Write | 7.8 |
| CVE-2023-38234 | Access of Uninitialized Pointer | 7.8 |
| CVE-2023-38235 | Out-of-bounds Read | 7.8 |
| CVE-2023-38236 | Out-of-bounds Read | 5.5 |
| CVE-2023-38237 | Out-of-bounds Read | 5.5 |
| CVE-2023-38238 | Use After Free | 4.0 |
| CVE-2023-38239 | Out-of-bounds Read | 5.5 |
| CVE-2023-38240 | Out-of-bounds Read | 5.5 |
| CVE-2023-38241 | Out-of-bounds Read | 5.5 |
| CVE-2023-38242 | Out-of-bounds Read | 5.5 |
| CVE-2023-38243 | Use After Free | 5.5 |
| CVE-2023-38244 | Out-of-bounds Read | 5.5 |
| CVE-2023-38245 | Improper Input Validation | 6.1 |
| CVE-2023-38246 | Access of Uninitialized Pointer | 7.8 |
| CVE-2023-38247 | Out-of-bounds Read | 3.3 |
| CVE-2023-38248 | Out-of-bounds Read | 3.3 |
| CVE-2023-38207 | (category not given in the original table) | 5.3 |
| CVE-2023-38208 | Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) | 9.1 |
| CVE-2023-38209 | Improper Access Control | 6.5 |
| CVE-2023-38211 | Use After Free | 7.8 |
| CVE-2023-38212 | Heap-based Buffer Overflow | 7.8 |
| CVE-2023-38213 | Out-of-bounds Read | 3.3 |
| CVE-2023-38210 | Uncontrolled Resource Consumption | 5.5 |