Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
History

Thu, 19 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 18 Dec 2024 23:30:00 +0000

Type Values Removed Values Added
Description Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Acrobat Reader | Out-of-bounds Read (CWE-125)
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2024-12-18T23:23:08.432Z

Updated: 2024-12-19T16:39:49.563Z

Reserved: 2022-10-31T16:22:11.209Z

Link: CVE-2022-44515

cve-icon Vulnrichment

Updated: 2024-12-19T16:26:38.171Z

cve-icon NVD

Status : Received

Published: 2024-12-19T00:15:05.567

Modified: 2024-12-19T00:15:05.567

Link: CVE-2022-44515

cve-icon Redhat

No data.