CVE-2022-44519

Name of the Vulnerable Software and Affected Versions Adobe Acrobat Reader DC versions 17.012.30205 and earlier Adobe Acrobat Reader DC versions 20.005.3031x and earlier Adobe Acrobat Reader DC versions 22.001.20085 and earlier Adobe Acrobat 2017 (affected versions not specified) Adobe Acrobat 2020 (affected versions not specified)

Description The issue is related to a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction, in that a victim must open a malicious file.

Recommendations For Adobe Acrobat Reader DC versions 17.012.30205 and earlier, update to a version later than 17.012.30205. For Adobe Acrobat Reader DC versions 20.005.3031x and earlier, update to a version later than 20.005.3031x. For Adobe Acrobat Reader DC versions 22.001.20085 and earlier, update to a version later than 22.001.20085. For Adobe Acrobat 2017 and Adobe Acrobat 2020, update to the latest version to protect against potential exploits. As a temporary workaround, consider avoiding the use of the vulnerable Annotation Highlight popup feature until a patch is available. Restrict access to malicious files to minimize the risk of exploitation.