CVE-2022-27794

Name of the Vulnerable Software and Affected Versions Adobe Acrobat Reader DC versions 22.001.20085 and earlier Adobe Acrobat Reader DC versions 20.005.3031x and earlier Adobe Acrobat Reader DC versions 17.012.30205 and earlier

Description The issue arises from the use of an uninitialized variable when processing embedded fonts, potentially leading to arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, where a victim must open a crafted .pdf file.

Recommendations For versions 22.001.20085 and earlier, consider disabling the font parsing functionality until a patch is available. For versions 20.005.3031x and earlier, restrict the opening of .pdf files from untrusted sources to minimize the risk of exploitation. For versions 17.012.30205 and earlier, avoid using the affected software to open .pdf files that may contain embedded fonts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.