CVE-2022-35677

Name of the Vulnerable Software and Affected Versions Adobe FrameMaker versions 2019 Update 8 and earlier Adobe FrameMaker versions 2020 Update 4 and earlier

Description The issue is related to a heap-based buffer overflow in Adobe FrameMaker, which could allow an attacker to execute arbitrary code by using a specially crafted malicious file. Exploitation of this issue requires user interaction, where a victim must open the malicious file, potentially leading to code execution in the context of the current user.

Recommendations For Adobe FrameMaker versions 2019 Update 8 and earlier, update to a version later than Update 8 to resolve the issue. For Adobe FrameMaker versions 2020 Update 4 and earlier, update to a version later than Update 4 to resolve the issue. As a temporary workaround, consider avoiding the use of SVG file parsing in Adobe FrameMaker until a patch is available.