PT-2022-18913 · Adobe · Acrobat Reader
Published
2022-04-12
·
Updated
2022-05-20
·
CVE-2022-28250
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Acrobat Reader DC versions 22.001.2011x and earlier
Acrobat Reader DC versions 20.005.3033x and earlier
Acrobat Reader DC versions 17.012.3022x and earlier
Description
The issue is a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction, where a victim must open a malicious file. This allows attackers to memory leak.
Recommendations
For versions 22.001.2011x and earlier, update to a version that fixes the use-after-free vulnerability.
For versions 20.005.3033x and earlier, update to a version that fixes the use-after-free vulnerability.
For versions 17.012.3022x and earlier, update to a version that fixes the use-after-free vulnerability.
As a temporary workaround, consider avoiding the opening of files from untrusted sources to minimize the risk of exploitation.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acrobat Reader