CVE-2022-24101
Published on: Not Yet Published
Last Modified on: 05/18/2022 04:21:00 PM UTC
Certain versions of Acrobat from Adobe contain the following vulnerability:
Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- CVE-2022-24101 has been assigned by
[email protected] to track the vulnerability - currently rated as LOW severity.
- Affected Vendor/Software:
Adobe - Acrobat Reader version <= 22.001.20085
- Affected Vendor/Software:
Adobe - Acrobat Reader version <= 20.005.3031x
- Affected Vendor/Software:
Adobe - Acrobat Reader version <= 17.012.30205
- Affected Vendor/Software:
Adobe - Acrobat Reader version <= None
CVSS3 Score: 3.3 - LOW
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
LOCAL | LOW | NONE | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | LOW | NONE | NONE |
CVSS2 Score: 4.3 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | NONE | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Adobe Security Bulletin | helpx.adobe.com text/html |
![]() |
Related QID Numbers
- 376538 Adobe Security Update for Adobe Acrobat and Adobe Reader (APSB22-16)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Adobe | Acrobat | All | All | All | All |
Application | Adobe | Acrobat | All | All | All | All |
Application | Adobe | Acrobat | All | All | All | All |
Application | Adobe | Acrobat Dc | All | All | All | All |
Application | Adobe | Acrobat Reader | All | All | All | All |
Application | Adobe | Acrobat Reader | All | All | All | All |
Application | Adobe | Acrobat Reader | All | All | All | All |
Application | Adobe | Acrobat Reader Dc | All | All | All | All |
Operating System | Apple | Macos | - | All | All | All |
Operating System | Microsoft | Windows | - | All | All | All |
- cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*:
- cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*:
- cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*:
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*:
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*:
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*:
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*:
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*:
- cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2022-24101 : Acrobat Reader DC versions 20.001.20085 and earlier , 20.005.3031x and earlier and 17.012.30205… twitter.com/i/web/status/1… | 2022-05-11 18:05:15 |
![]() |
MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution - PATCH: NOW | 2022-04-14 14:17:43 |
![]() |
CVE-2022-24101 | 2022-05-11 18:38:23 |