Adobe InCopy Font Parsing Use-After-Free Remote Code Execution Vulnerability
CVE-2022-28835

7.8HIGH

Key Information:

Vendor: Adobe
Status: Incopy
Vendor: CVE Published:; 11 September 2023

What is CVE-2022-28835?

Adobe InCopy versions 17.1 and 16.4.1, along with earlier releases, are susceptible to a Use-After-Free vulnerability. This security flaw allows an attacker to execute arbitrary code within the context of the affected user’s environment. The exploitation of this vulnerability requires user interaction, specifically through the opening of a specially crafted malicious file. Users are strongly advised to update to the latest versions to mitigate the risk of this vulnerability.

Affected Version(s)

InCopy 0 <= 17.1

References

https://helpx.adobe.com/security/products/incopy/apsb22-2...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2023
Vulnerability Reserved
Apr 8, 2022