CVE-2022-24101
3.3
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 1.8 / Impact: 1.4
Source: psirt@adobe.com (Secondary)
Description
Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Affected (8)
Products: Adobe: Acrobat Dc, Acrobat Reader Dc, Acrobat, Acrobat Reader
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 15.008.20082 to 22.001.20085 | |
| From 15.008.20082 to 22.001.20085 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| From 17.011.30059 to 17.012.30205 | |
| From 17.011.30059 to 17.012.30205 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| From 20.001.30005 to 20.005.30314 | |
| From 20.001.30005 to 20.005.30314 |
| Running on/with | Platform Versions |
|---|---|
Microsoft Windows | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| From 20.001.30005 to 20.005.30311 | |
| From 20.001.30005 to 20.005.30311 |
| Running on/with | Platform Versions |
|---|---|
Apple Macos | All versions |
References (2)
Source: psirt@adobe.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.