Lucene search

K
cveAdobeCVE-2022-34229
HistoryJul 15, 2022 - 4:15 p.m.

CVE-2022-34229

2022-07-1516:15:13
CWE-416
adobe
web.nvd.nist.gov
92
3
adobe
acrobat reader
cve-2022-34229
use after free
vulnerability
arbitrary code execution
nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.336

Percentile

97.1%

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected configurations

Nvd
Vulners
Node
adobeacrobat_dcRange15.008.2008222.001.20142continuous
OR
adobeacrobat_reader_dcRange15.008.2008222.001.20142continuous
AND
applemacosMatch-
OR
microsoftwindowsMatch-
Node
adobeacrobatRange20.001.3000520.005.30334classic
OR
adobeacrobat_readerRange20.001.3000520.005.30334classic
AND
microsoftwindowsMatch-
Node
adobeacrobatRange20.001.3000520.005.30331classic
OR
adobeacrobat_readerRange20.001.3000520.005.30331classic
AND
applemacosMatch-
Node
adobeacrobatRange17.011.3005917.012.30229classic
OR
adobeacrobat_readerRange17.011.3005917.012.30229classic
AND
microsoftwindowsMatch-
Node
adobeacrobatRange17.011.3005917.012.30227classic
OR
adobeacrobat_readerRange17.011.3005917.012.30227classic
AND
applemacosMatch-
VendorProductVersionCPE
adobeacrobat_dc*cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
adobeacrobat_reader_dc*cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
adobeacrobat*cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*
adobeacrobat_reader*cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*

CNA Affected

[
  {
    "product": "Acrobat Reader",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "22.001.20142",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "20.005.30334",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "17.012.30229",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "None",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.336

Percentile

97.1%