CVE-2022-38437

Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

18 Oct 2022, 19:29

Type Values Removed Values Added
References (MISC) https://helpx.adobe.com/security/products/acrobat/apsb22-46.html - (MISC) https://helpx.adobe.com/security/products/acrobat/apsb22-46.html - Vendor Advisory
First Time Adobe acrobat
Apple macos
Adobe acrobat Dc
Adobe
Adobe acrobat Reader
Adobe acrobat Reader Dc
Apple
Microsoft windows
Microsoft
CPE cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*

14 Oct 2022, 20:31

Type Values Removed Values Added
New CVE

Information

Published : 2022-10-14 20:15

Updated : 2023-12-10 14:35


NVD link : CVE-2022-38437

Mitre link : CVE-2022-38437

CVE.ORG link : CVE-2022-38437


JSON object : View

Products Affected

adobe

  • acrobat
  • acrobat_reader_dc
  • acrobat_dc
  • acrobat_reader

apple

  • macos

microsoft

  • windows
CWE
CWE-416

Use After Free