Multiple vulnerabilities in Adobe Acrobat and Reader
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 23 |
| CVE-ID | CVE-2022-34236 CVE-2022-34232 CVE-2022-34215 CVE-2022-34233 CVE-2022-34216 CVE-2022-34217 CVE-2022-34219 CVE-2022-34220 CVE-2022-34234 CVE-2022-34221 CVE-2022-34239 CVE-2022-34230 CVE-2022-34238 CVE-2022-34237 CVE-2022-34222 CVE-2022-34223 CVE-2022-34224 CVE-2022-34225 CVE-2022-34226 CVE-2022-34227 CVE-2022-34228 CVE-2022-34229 CVE-2022-35669 |
| CWE-ID | CWE-125 CWE-416 CWE-787 CWE-843 CWE-824 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #10 is available. Public exploit code for vulnerability #12 is available. |
| Vulnerable software Subscribe |
Adobe Acrobat Client/Desktop applications / Office applications Adobe Reader Client/Desktop applications / Office applications |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 23 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU65239
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34236
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read error and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-979/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU65236
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34232
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a use-after-free error when printing Annotation objects. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-982/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU65240
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34215
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when handling Annotation objects. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-983/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU65235
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34233
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a use-after-free error when handling Doc objects. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and gain access to sensitive information. MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-985/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU65234
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34216
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-1001/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds write
EUVDB-ID: #VU65243
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34217
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds write and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-990/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU65233
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34219
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing embedded fonts. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-989/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU65232
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34220
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing embedded fonts. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-998/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU65231
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34234
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in printWithParams when handling Doc objects. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and gain access to sensitive information. MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-984/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Type confusion
EUVDB-ID: #VU65244
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-34221
CWE-ID:
CWE-843 - Type confusion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
11) Out-of-bounds read
EUVDB-ID: #VU65238
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34239
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read error and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-980/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU65224
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-34230
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
13) Out-of-bounds read
EUVDB-ID: #VU65237
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34238
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read error and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU65230
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34237
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a use-after-free error when processing embedded fonts. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and gain access to sensitive information. MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-981/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU65241
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34222
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when handling the query method. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-988/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU65229
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34223
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-995/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU65228
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34224
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-992/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use-after-free
EUVDB-ID: #VU65227
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34225
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-996/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds read
EUVDB-ID: #VU65242
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34226
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-994/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use-after-free
EUVDB-ID: #VU65226
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34227
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-1000/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Access of uninitialized pointer
EUVDB-ID: #VU65245
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34228
CWE-ID:
CWE-824 - Access of Uninitialized Pointer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a memory corruption and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-991/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Use-after-free
EUVDB-ID: #VU65225
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34229
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 22.001.20142
Adobe Reader: 17.012.30227 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
http://www.zerodayinitiative.com/advisories/ZDI-22-993/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds read
EUVDB-ID: #VU68153
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-35669
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Reader: 17.012.30227 - 2020.013.20074
Adobe Acrobat: 17.008.30051 - 22.001.20142
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-32.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
