What is the severity of CVE-2022-28248?

CVE-2022-28248 has a severity rating that indicates it could potentially allow an attacker to read past the end of an allocated memory structure.

How do I fix CVE-2022-28248?

To fix CVE-2022-28248, update Adobe Acrobat Reader DC to a version later than 22.001.20085 or Adobe Acrobat to a newer version beyond their affected thresholds.

Which software versions are vulnerable to CVE-2022-28248?

CVE-2022-28248 affects Adobe Acrobat Reader DC versions 22.001.2011x and earlier, as well as Acrobat versions 20.005.3033x and earlier.

What type of vulnerability is CVE-2022-28248?

CVE-2022-28248 is classified as an out-of-bounds read vulnerability that occurs when parsing crafted files.

Can CVE-2022-28248 be exploited remotely?

Yes, CVE-2022-28248 could be exploited by an attacker via a specially crafted file sent to the user.

Vulnerability/
CVE-2022-28248

medium

5.5

CWE

125

11/5/2022

17/9/2024

CVE-2022-28248: Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability

First published: Wed May 11 2022(Updated: )

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe Acrobat	>=15.008.20082<=22.001.20085
Adobe Acrobat Reader	>=15.008.20082<=22.001.20085
Apple iOS and macOS
Microsoft Windows
Adobe Acrobat Reader	>=17.011.30059<=17.012.30205
Adobe Acrobat Reader	>=17.011.30059<=17.012.30205
Adobe Acrobat Reader	>=20.001.30005<=20.005.30314
Adobe Acrobat Reader	>=20.001.30005<=20.005.30314
Adobe Acrobat Reader	>=20.001.30005<=20.005.30311
Adobe Acrobat Reader	>=20.001.30005<=20.005.30311

Never miss a vulnerability like this again

Reference Links

https://helpx.adobe.com/security/products/acrobat/apsb22-16.html

Frequently Asked Questions

What is the severity of CVE-2022-28248?
CVE-2022-28248 has a severity rating that indicates it could potentially allow an attacker to read past the end of an allocated memory structure.
How do I fix CVE-2022-28248?
To fix CVE-2022-28248, update Adobe Acrobat Reader DC to a version later than 22.001.20085 or Adobe Acrobat to a newer version beyond their affected thresholds.
Which software versions are vulnerable to CVE-2022-28248?
CVE-2022-28248 affects Adobe Acrobat Reader DC versions 22.001.2011x and earlier, as well as Acrobat versions 20.005.3033x and earlier.
What type of vulnerability is CVE-2022-28248?
CVE-2022-28248 is classified as an out-of-bounds read vulnerability that occurs when parsing crafted files.
Can CVE-2022-28248 be exploited remotely?
Yes, CVE-2022-28248 could be exploited by an attacker via a specially crafted file sent to the user.

agent/type
agent/author
agent/references
agent/description
agent/weakness
agent/severity
agent/title
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/adobe
canonical/adobe acrobat
version/adobe acrobat/15.008.20082
version/adobe acrobat/22.001.20085
canonical/adobe acrobat reader
version/adobe acrobat reader/15.008.20082
version/adobe acrobat reader/22.001.20085
vendor/apple
canonical/apple ios and macos
vendor/microsoft
canonical/microsoft windows
version/adobe acrobat reader/17.011.30059
version/adobe acrobat reader/17.012.30205
version/adobe acrobat reader/20.001.30005
version/adobe acrobat reader/20.005.30314
version/adobe acrobat reader/20.005.30311