Design/Logic Flaw

2022-05-1118:15:00

PRIOn knowledge base

www.prio-n.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.099 Low

EPSS

Percentile

94.7%

JSON

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of annotations that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CPENameOperatorVersion
acrobatge17.011.30059
acrobatle17.012.30205
acrobatge20.001.30005
acrobatle20.005.30314
acrobatge20.001.30005
acrobatle20.005.30311
acrobat_dcge15.008.20082
acrobat_dcle22.001.20085
acrobat_readerge17.011.30059
acrobat_readerle17.012.30205

Name	Operator	Version
acrobat	ge	17.011.30059
acrobat	le	17.012.30205
acrobat	ge	20.001.30005
acrobat	le	20.005.30314
acrobat	ge	20.001.30005
acrobat	le	20.005.30311
acrobat_dc	ge	15.008.20082
acrobat_dc	le	22.001.20085
acrobat_reader	ge	17.011.30059
acrobat_reader	le	17.012.30205