PT-2022-16463 · Adobe · Acrobat Reader
Published
2022-04-12
·
Updated
2022-05-18
·
CVE-2022-24101
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Acrobat Reader DC versions 20.001.20085 and earlier
Acrobat Reader DC versions 20.005.3031x and earlier
Acrobat Reader DC versions 17.012.30205 and earlier
Description
A use-after-free vulnerability could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction, where a victim must open a malicious file.
Recommendations
For versions 20.001.20085 and earlier, update to a version later than 20.001.20085 to resolve the issue.
For versions 20.005.3031x and earlier, update to a version later than 20.005.3031x to resolve the issue.
For versions 17.012.30205 and earlier, update to a version later than 17.012.30205 to resolve the issue.
As a temporary workaround, consider avoiding the use of the affected Annotation feature in Acrobat Reader DC until a patch is available.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acrobat Reader