SB2022051117 - Multiple vulnerabilities in Adobe Framemaker
Published: May 11, 2022 Updated: May 11, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 10 secuirty vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2022-28821)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
2) Out-of-bounds write (CVE-ID: CVE-2022-28822)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
3) Use-after-free (CVE-ID: CVE-2022-28823)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger a use-after-free error and execute arbitrary code on the target system.
4) Use-after-free (CVE-ID: CVE-2022-28824)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger a use-after-free error and execute arbitrary code on the target system.
5) Out-of-bounds write (CVE-ID: CVE-2022-28825)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
6) Out-of-bounds write (CVE-ID: CVE-2022-28826)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
7) Out-of-bounds write (CVE-ID: CVE-2022-28827)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing SVG images. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
8) Out-of-bounds write (CVE-ID: CVE-2022-28828)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
9) Out-of-bounds write (CVE-ID: CVE-2022-28829)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
10) Out-of-bounds write (CVE-ID: CVE-2022-28830)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.
References
- https://helpx.adobe.com/security/products/framemaker/apsb22-27.html
- https://www.zerodayinitiative.com/advisories/ZDI-22-739/
- https://www.zerodayinitiative.com/advisories/ZDI-22-744/
- https://www.zerodayinitiative.com/advisories/ZDI-22-745/
- https://www.zerodayinitiative.com/advisories/ZDI-22-743/
- https://www.zerodayinitiative.com/advisories/ZDI-22-738/
- https://www.zerodayinitiative.com/advisories/ZDI-22-737/
- https://www.zerodayinitiative.com/advisories/ZDI-22-741/
- https://www.zerodayinitiative.com/advisories/ZDI-22-742/
- https://www.zerodayinitiative.com/advisories/ZDI-22-755/
- https://www.zerodayinitiative.com/advisories/ZDI-22-740/