Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
History

Thu, 19 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 18 Dec 2024 23:45:00 +0000

Type Values Removed Values Added
Description Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Acrobat Reader | Out-of-bounds Read (CWE-125)
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2024-12-18T23:28:16.489Z

Updated: 2024-12-19T16:39:25.153Z

Reserved: 2022-10-31T16:22:11.210Z

Link: CVE-2022-44517

cve-icon Vulnrichment

Updated: 2024-12-19T16:26:30.874Z

cve-icon NVD

Status : Received

Published: 2024-12-19T00:15:05.880

Modified: 2024-12-19T00:15:05.880

Link: CVE-2022-44517

cve-icon Redhat

No data.