Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader DC Products
CVE-2022-44517

5.5MEDIUM

Key Information:

Vendor: Adobe
Status: Acrobat Reader
Vendor: CVE Published:; 19 December 2024

Summary

CVE-2022-44517 is a high-risk out-of-bounds read vulnerability identified in Adobe Acrobat Reader DC. This vulnerability affects version 22.001.20085 and earlier, version 20.005.3031x and earlier, as well as version 17.012.30205 and earlier. It occurs when the application processes a specially crafted file, potentially allowing an attacker to read data beyond the allocated memory area. Exploitation of this vulnerability could enable attackers to bypass important security mitigations like Address Space Layout Randomization (ASLR). It is important to note that successful exploitation requires user interaction, specifically, the victim must open a malicious file. Users are advised to update to the latest version to mitigate risks.

Affected Version(s)

Acrobat Reader 0 <= 17.012.30205

References

https://helpx.adobe.com/security/products/acrobat/apsb22-...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 19, 2024