CVE-2023-21622: Adobe Security Bulletin
FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Security Updates Available for Adobe FrameMaker | APSB23-06
| Bulletin ID | Date Published | Priority |
| --- | --- | --- |
| APSB23-06 | February 14, 2023 | 3 |
Summary
Adobe has released a security update for Adobe FrameMaker. This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak.
Affected Versions
| Product | Version | Platform |
| --- | --- | --- |
| Adobe FrameMaker | 2020 Release Update 4 and earlier | Windows |
| Adobe FrameMaker | 2022 Release | Windows |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
| Product | Version | Platform | Priority | Availability |
| --- | --- | --- | --- | --- |
| Adobe FrameMaker | FrameMaker 2020 Update 5 | Windows | 3 | Tech note |
| Adobe FrameMaker | FrameMaker 2022 Update 1 | Windows | 3 | Tech note |
Vulnerability details
| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Numbers |
| --- | --- | --- | --- | --- | --- |
| Use After Free (CWE-416) | Memory leak | Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | CVE-2023-21584 |
| Out-of-bounds Write (CWE-787) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2023-21619 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | CVE-2023-21620 |
| Improper Input Validation (CWE-20) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2023-21621 |
| Out-of-bounds Write (CWE-787) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2023-21622 |
Acknowledgments
Adobe would like to thank the following Initiative for reporting the relevant issues and for working with Adobe to help protect our customers:
- Mat Powell with Trend Micro Zero Day Initiative: CVE-2023-21584, CVE-2023-21619, CVE-2023-21620, CVE-2023-21621, CVE-2023-21622
For more information, visit https://helpx.adobe.com/security.html, or email [email protected]