CVE-2022-28262

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

History

20 May 2022, 15:21

Type Values Removed Values Added
CPE cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 5.5
v2 : 4.3
v3 : 5.5
References (MISC) https://helpx.adobe.com/security/products/acrobat/apsb22-16.html - (MISC) https://helpx.adobe.com/security/products/acrobat/apsb22-16.html - Vendor Advisory
First Time Adobe acrobat
Adobe
Apple
Adobe acrobat Reader
Adobe acrobat Reader Dc
Adobe acrobat Dc
Apple macos
Microsoft
Microsoft windows

11 May 2022, 18:32

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-11 18:15

Updated : 2023-12-10 14:22


NVD link : CVE-2022-28262

Mitre link : CVE-2022-28262

CVE.ORG link : CVE-2022-28262


JSON object : View

Products Affected

apple

  • macos

adobe

  • acrobat_reader
  • acrobat
  • acrobat_dc
  • acrobat_reader_dc

microsoft

  • windows
CWE
CWE-125

Out-of-bounds Read