CVE-2022-27802

2022-05-1118:15:00

CWE-416

[email protected]

web.nvd.nist.gov

acrobat reader

cve-2022-27802

vulnerability

use-after-free

arbitrary code execution

nvd

security advisory

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.1 Low

EPSS

Percentile

94.8%

JSON

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CPENameOperatorVersion
adobe:acrobat_dcadobe acrobat dcle22.001.20085
adobe:acrobat_reader_dcadobe acrobat reader dcle22.001.20085
adobe:acrobatadobe acrobatle17.012.30205
adobe:acrobat_readeradobe acrobat readerle17.012.30205
adobe:acrobatadobe acrobatle20.005.30314
adobe:acrobat_readeradobe acrobat readerle20.005.30314
adobe:acrobatadobe acrobatle20.005.30311
adobe:acrobat_readeradobe acrobat readerle20.005.30311

CPE	Name	Operator	Version
adobe:acrobat_dc	adobe acrobat dc	le	22.001.20085
adobe:acrobat_reader_dc	adobe acrobat reader dc	le	22.001.20085
adobe:acrobat	adobe acrobat	le	17.012.30205
adobe:acrobat_reader	adobe acrobat reader	le	17.012.30205
adobe:acrobat	adobe acrobat	le	20.005.30314
adobe:acrobat_reader	adobe acrobat reader	le	20.005.30314
adobe:acrobat	adobe acrobat	le	20.005.30311
adobe:acrobat_reader	adobe acrobat reader	le	20.005.30311