CVE-2022-35675

Name of the Vulnerable Software and Affected Versions Adobe FrameMaker versions 2019 Update 8 and earlier Adobe FrameMaker versions 2020 Update 4 and earlier

Description The issue is related to a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, where a victim must open a malicious file. This vulnerability is associated with the use of memory after it has been freed, which can be exploited by an attacker to execute arbitrary code using a specially crafted malicious file.

Recommendations For Adobe FrameMaker versions 2019 Update 8 and earlier, update to a version later than Update 8. For Adobe FrameMaker versions 2020 Update 4 and earlier, update to a version later than Update 4. As a temporary workaround, consider avoiding the use of SVG file parsing functionality until a patch is available.