The Cisco Talos Research Group has recently reported vulnerabilities in the Miniaudio library and in Adobe Acrobat Reader. The flaws could allow code execution and leakage of confidential information.
The Miniaudio vulnerability, tracked as TALOS-2024-2063 (CVE-2024-41147), was discovered by Cisco Talos researcher Emmanuel Tacheau. It stems from missing validation of a memory size, leading to a buffer overflow and potential memory corruption.
A specially crafted FLAC file can trigger the flaw and corrupt memory. Because Miniaudio is a widely used C library for audio processing, the vulnerability could be exploited for a range of malicious purposes.
In addition, a Cisco Talos researcher credited as KPC found three vulnerabilities in Adobe Acrobat Reader. TALOS-2025-2134 (CVE-2025-27163) and TALOS-2025-2136 (CVE-2025-27164) are out-of-bounds read issues in the font processing code that could lead to information disclosure.
TALOS-2025-2135 (CVE-2025-27158) is more severe: a dangling pointer that could result in memory corruption and arbitrary code execution. To exploit it, an attacker would need to convince a user to open a PDF file containing a malicious font.
Both Miniaudio and Adobe have released patches for these vulnerabilities. Users are advised to update to the latest versions to prevent potential attacks, and Cisco Talos recommends deploying the updated Snort rules to detect exploitation attempts.