CVE-2022-44516

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 78.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat DC Adobe Acrobat Reader +1 more

Timeline

PublishedDec 19

Description

Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶NVDadobe/acrobat_reader17.011.30059 — 17.012.30229+3

▶NVDadobe/acrobat_reader_dc22.001.20085 — 22.001.20117+1

▶CVEListV5adobe/acrobat_reader17.012.30205

▶NVDadobe/acrobat17.011.30059 — 17.012.30229+3

▶NVDadobe/acrobat_dc22.001.20085 — 22.001.20117+1

🔴Vulnerability Details

GHSA

GHSA-c8rc-rxc2-r2r2: Acrobat Reader DC version 22↗2024-12-19

▶

CVEList

Acrobat Reader | Out-of-bounds Read (CWE-125)↗2024-12-18

▶