CVE-2022-35676

Name of the Vulnerable Software and Affected Versions Adobe FrameMaker versions 2019 Update 8 and earlier Adobe FrameMaker versions 2020 Update 4 and earlier

Description The issue is related to a Heap-based Buffer Overflow that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, where a victim must open a malicious file. This allows an attacker to potentially execute arbitrary code using a specially crafted malicious file.

Recommendations For Adobe FrameMaker versions 2019 Update 8 and earlier, update to a version later than Update 8 to resolve the issue. For Adobe FrameMaker versions 2020 Update 4 and earlier, update to a version later than Update 4 to resolve the issue. As a temporary workaround, consider avoiding the use of SVG files from untrusted sources until a patch is available.