Use-After-Free Vulnerability in Adobe Acrobat Reader DC Affecting Multiple Versions
CVE-2022-44518

7.8HIGH

Key Information:

Vendor: Adobe
Status: Acrobat Reader
Vendor: CVE Published:; 19 December 2024

Summary

CVE-2022-44518 is a critical use-after-free vulnerability identified in Adobe Acrobat Reader DC, impacting versions 22.001.20085 and earlier, as well as 20.005.3031x and earlier, and 17.012.30205 and earlier. This vulnerability could allow an attacker to execute arbitrary code on the affected system in the context of the current user. Exploitation of the vulnerability necessitates user interaction, as it requires that a victim opens a specifically crafted malicious file. Users are urged to apply recommended updates to mitigate any security risks associated with this vulnerability.

Affected Version(s)

Acrobat Reader 0 <= 17.012.30205

References

https://helpx.adobe.com/security/products/acrobat/apsb22-...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 19, 2024

Collectors

NVD DatabaseMitre Database