CVE-2022-35672

27.07.2022, 17:15

Adobe Acrobat Reader version 22.001.20085 (and earlier), 20.005.30314 (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
adobe	CNA	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 37%

Vendor	Product	Version
adobe	acrobat_dc	15.008.20082 ≤ 𝑥 ≤ 22.001.20085
adobe	acrobat_reader_dc	15.008.20082 ≤ 𝑥 ≤ 22.001.20085
adobe	acrobat	20.001.30005 ≤ 𝑥 ≤ 20.005.30314
adobe	acrobat_reader	20.001.30005 ≤ 𝑥 ≤ 20.005.30314
adobe	acrobat	20.001.30005 ≤ 𝑥 ≤ 20.005.30311
adobe	acrobat_reader	20.001.30005 ≤ 𝑥 ≤ 20.005.30311
adobe	acrobat	17.011.30059 ≤ 𝑥 ≤ 17.012.30205
adobe	acrobat_reader	17.011.30059 ≤ 𝑥 ≤ 17.012.30205

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://helpx.adobe.com/security/products/acrobat/apsb22-16.html