Headline
CVE-2022-24101: Adobe Security Bulletin
Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Security update available for Adobe Acrobat and Reader | APSB22-16
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, memory leak, security feature bypass and privilege escalation.
For questions regarding Acrobat DC, please visit the Acrobat DC FAQ page.
Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:
Users can update their product installations manually by choosing Help > Check for Updates.
The products will update automatically, without requiring user intervention, when updates are detected.
The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
For IT administrators (managed environments):
Refer to the specific release note version for links to installers.
Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Vulnerability Category
Vulnerability Impact
Severity
CVSS base score
CVSS vector
CVE Number
Use After Free (CWE-416)
Memory Leak
Moderate
3.3
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2022-24101
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-24103
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-24104
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-27785
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-24102
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-27786
Out-of-bounds Write (CWE-787)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-27787
Out-of-bounds Write (CWE-787)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-27788
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-27789
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-27790
Stack-based Buffer Overflow (CWE-121)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-27791
Out-of-bounds Write (CWE-787)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-27792
Out-of-bounds Write (CWE-787)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-27793
Access of Uninitialized Pointer (CWE-824)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-27794
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-27795
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-27796
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-27797
Out-of-bounds Write (CWE-787)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-27798
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-27799
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-27800
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-27801
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-27802
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28230
Out-of-bounds Read (CWE-125)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28231
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28232
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28233
Heap-based Buffer Overflow (CWE-122)
Arbitrary code execution
Critical
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28234
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28235
Out-of-bounds Write (CWE-787)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28236
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28237
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28238
Out-of-bounds Read (CWE-125)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28239
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28240
Out-of-bounds Read (CWE-125)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28241
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28242
Out-of-bounds Read (CWE-125)
Arbitrary code execution
Critical
7.8
CVSS:3.0AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28243
Violation of Secure Design Principles (CWE-657)
Arbitrary code execution
Important
6.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CVE-2022-28244
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28245
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28246
Missing Support for Integrity Check (CWE-353)
Privilege escalation
Important
6.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28247
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28248
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28249
Use After Free (CWE-416)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28250
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28251
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2022-28252
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28253
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28254
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28255
Use After Free (CWE-416)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28256
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28257
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28258
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28259
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28260
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28261
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28262
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28263
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28264
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28265
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28266
Out-of-bounds Read (CWE-125)
Memory Leak
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28267
Out-of-bounds Read (CWE-125)
Memory Leak
Moderate
3.3
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2022-28268
Use After Free (CWE-416)
Memory Leak
Moderate
3.3
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2022-28269
Use After Free (CWE-416)
Memory Leak
Moderate
5.5
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-28837
Use After Free (CWE-416)
Arbitrary code execution
Critical
7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28838
Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers:
Mat Powell of Trend Micro Zero Day Initiative - CVE-2022-28250, CVE-2022-28251, CVE-2022-28252, CVE-2022-28253, CVE-2022-28254, CVE-2022-28255, CVE-2022-28256, CVE-2022-28257, CVE-2022-28258, CVE-2022-28259, CVE-2022-28260, CVE-2022-28261, CVE-2022-28262, CVE-2022-28263, CVE-2022-28264, CVE-2022-28265, CVE-2022-28266, CVE-2022-28267, CVE-2022-28268, CVE-2022-28239, CVE-2022-28240, CVE-2022-28241, CVE-2022-28242, CVE-2022-28243, CVE-2022-27800, CVE-2022-27802, CVE-2022-24101, CVE-2022-28837, CVE-2022-28838
Anonymous working with Trend Micro Zero Day Initiative - CVE-2022-27785, CVE-2022-27786, CVE-2022-27787, CVE-2022-27788, CVE-2022-27790, CVE-2022-27791, CVE-2022-27792, CVE-2022-27793, CVE-2022-27794, CVE-2022-27797, CVE-2022-27798, CVE-2022-27801, CVE-2022-28231, CVE-2022-28232, CVE-2022-28233, CVE-2022-28236, CVE-2022-28237, CVE-2022-28238, CVE-2022-28245, CVE-2022-28246, CVE-2022-28248, CVE-2022-28269, CVE-2022-24102, CVE-2022-24103, CVE-2022-24104
Mark Vincent Yason (@MarkYason) working with Trend Micro Zero Day Initiative - CVE-2022-27795, CVE-2022-27796, CVE-2022-27799, CVE-2022-28230, CVE-2022-28235
Krishnakant Patil and Ashfaq Ansari - HackSys Inc working with Trend Micro Zero Day Initiative - CVE-2022-28249, CVE-2022-27789
Lockheed Martin Red Team - CVE-2022-28247
Gehirn Inc. - Maru Asahina, Ren Hirasawa, Tatsuki Maekawa(@mtk0308), Tsubasa Iinuma, Hikaru Ida(@howmuch515) - CVE-2022-28244
RUC_SE_SEC (ruc_se_sec) - CVE-2022-28234
April 18, 2022: Updated acknowledgement for CVE-2022-24102, CVE-2022-24103, CVE-2022-24104
May 9th, 2022: Added CVE details for CVE-2022-28837, CVE-2022-28838
For more information, visit https://helpx.adobe.com/security.html, or email [email protected].
Related news
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of the acroform event that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.