Use-after-free Vulnerability in Adobe Acrobat Reader DC
CVE-2022-44520
7.8 HIGH
Summary
CVE-2022-44520 identifies a use-after-free vulnerability in Adobe Acrobat Reader DC versions 22.001.20085 and earlier, including versions 20.005.3031x and 17.012.30205. The flaw allows arbitrary code execution in the context of the current user when a malicious PDF file is opened. Exploitation requires user interaction: a victim must open the malicious file. Adobe has provided security updates that address this vulnerability, and users should update their software immediately to prevent possible exploitation.
Affected Version(s)
Acrobat Reader 0 <= 17.012.30205
References
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Collectors
NVD Database, Mitre Database