CVE-2023-21584

2023-02-1722:15:12

CWE-416

[email protected]

web.nvd.nist.gov

cve-2023-21584

framemaker

update

use after free

vulnerability

aslr

exploitation

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.9%

JSON

FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected configurations

NVD

Node

microsoftwindowsMatch-

AND

adobeframemakerRange≤2020.0.4

adobeframemakerMatch2022

CPENameOperatorVersion
adobe:framemakeradobe framemakerle2020.0.4
adobe:framemakeradobe framemakereq2022

CPE	Name	Operator	Version
adobe:framemaker	adobe framemaker	le	2020.0.4
adobe:framemaker	adobe framemaker	eq	2022

CNA Affected

[
  {
    "vendor": "Adobe",
    "product": "FrameMaker",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "2020u4",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "2022",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "None",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]