Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader DC

CVE-2022-44516

5.5MEDIUM

Key Information

Vendor: Adobe
Status: Acrobat Reader
Vendor: CVE Published:; 19 December 2024

Summary

CVE-2022-44516 is a significant out-of-bounds read vulnerability affecting multiple versions of Adobe Acrobat Reader DC. This flaw arises when the software improperly parses specially crafted files, leading to potential read operations beyond the allocated memory boundaries. Attackers can exploit this vulnerability to bypass security mechanisms such as Address Space Layout Randomization (ASLR). However, successful exploitation requires user interaction, as the victim must open a maliciously crafted file. Users of affected versions should take immediate steps to update their software and mitigate the risk associated with this vulnerability.

Affected Version(s)

Acrobat Reader <= 17.012.30205

Refferences

https://helpx.adobe.com/security/products/acrobat/apsb22-...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 19, 2024

Collectors

NVD DatabaseMitre Database