Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader DC
CVE-2022-44515

5.5 MEDIUM

Key Information:

Vendor: Adobe
CVE Published: 19 December 2024

Summary

CVE-2022-44515 is a critical out-of-bounds read vulnerability affecting Adobe Acrobat Reader DC versions 22.001.20085 and earlier, 20.005.3031x and earlier, and 17.012.30205 and earlier. It arises when Acrobat Reader processes a specially crafted file and reads beyond the bounds of allocated memory. An attacker could use the resulting memory disclosure to bypass mitigations such as Address Space Layout Randomization (ASLR). Exploitation requires user interaction: the targeted individual must open a malicious file. Users are advised to update Acrobat Reader to the latest version to mitigate the risks associated with this vulnerability. For additional details, refer to Adobe's security advisory.

Affected Version(s)

Acrobat Reader 0 <= 17.012.30205

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

Collectors

NVD Database, Mitre Database