CVE-2022-28819

Name of the Vulnerable Software and Affected Versions Adobe Character Animator versions 4.4.2 and earlier Adobe Character Animator versions 22.3 and earlier

Description The issue is related to an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, where a victim must open a malicious SVG file. This allows an attacker to execute arbitrary code by using a specially crafted SVG file.

Recommendations For Adobe Character Animator versions 4.4.2 and earlier, avoid opening malicious SVG files until a patch is available. For Adobe Character Animator versions 22.3 and earlier, consider restricting the use of SVG file parsing functionality until a fix is provided. As a temporary workaround, consider disabling the SVG file parsing feature in Adobe Character Animator until an update is released.