PT-2022-18580 · Adobe · Acrobat Reader
Published
2022-04-12
·
Updated
2022-05-18
·
CVE-2022-27786
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Acrobat Reader DC versions 22.001.20085 and earlier
Acrobat Reader DC versions 20.005.3031x and earlier
Acrobat Reader DC versions 17.012.30205 and earlier
Description
A use-after-free vulnerability in the processing of fonts could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, where a victim must open a malicious file.
Recommendations
For versions 22.001.20085 and earlier, update to a version that fixes the use-after-free vulnerability in font processing.
For versions 20.005.3031x and earlier, update to a version that fixes the use-after-free vulnerability in font processing.
For versions 17.012.30205 and earlier, update to a version that fixes the use-after-free vulnerability in font processing.
As a temporary workaround, consider avoiding the opening of files from untrusted sources to minimize the risk of exploitation.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acrobat Reader