The following key information about the vulnerability can be obtained from this screenshot of the Talos Vulnerability Report web page:

Summary
CVE: CVE-2024-20735
Vulnerability Type: Out-of-bounds read
Affected Software: Adobe Acrobat Reader 2023.006.20380
Impact: An attacker can disclose sensitive information by tricking the user into opening a malicious PDF file.

Confirmed Vulnerable Versions
Adobe Acrobat Reader 2023.006.20380

Product URLs
Adobe Acrobat Reader: https://acrobat.adobe.com/us/en/acrobat/pdf-reader.html

CVSS v3 Score

CWE
CWE-125: Out-of-bounds Read

Details
Description: The vulnerability is related to the font file processing functionality within Adobe Acrobat Reader. It can be triggered by a specially crafted font file.
Technical Details: The code responsible for processing the CPAL table is analyzed in detail.
PoC Exploitation: Includes assembly code snippets of the vulnerable and exploited code.

Timeline
2023-12-19: Vendor Disclosure
2024-02-13: Vendor Patch Release
2024-02-15: Public Release

Credit
Discovered by KPC of Cisco Talos

These key points summarize the vulnerability, its impact, and the steps taken to address it.