PT-2022-6422 · Adobe · Acrobat+3
Published
2022-10-11
·
Updated
2022-10-18
·
CVE-2022-38437
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Adobe Acrobat versions prior to 22.002.20212
Adobe Acrobat Reader versions prior to 22.002.20212
Adobe Acrobat 2020 versions prior to 20.005.30381
Adobe Acrobat Reader 2020 versions prior to 20.005.30381
Description
The issue is related to a use-after-free vulnerability that could lead to the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction, where a victim must open a malicious file. This could potentially allow an attacker to reveal protected information using a specially crafted file.
Recommendations
For Adobe Acrobat versions prior to 22.002.20212, update to version 22.002.20212 or later to resolve the issue.
For Adobe Acrobat Reader versions prior to 22.002.20212, update to version 22.002.20212 or later to resolve the issue.
For Adobe Acrobat 2020 versions prior to 20.005.30381, update to version 20.005.30381 or later to resolve the issue.
For Adobe Acrobat Reader 2020 versions prior to 20.005.30381, update to version 20.005.30381 or later to resolve the issue.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acrobat
Acrobat 2020
Acrobat Reader
Acrobat Reader 2020