CVE-2022-28837: Adobe Acrobat Pro DC Doc buttonSetIcon Use-After-Free Information Disclosure Vulnerability
First published: Wed May 11 2022(Updated: )
Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat | >=15.008.20082<=22.001.20085 | |
| Adobe Acrobat Reader | >=15.008.20082<=22.001.20085 | |
| Apple iOS and macOS | ||
| Microsoft Windows | ||
| Adobe Acrobat Reader | >=17.011.30059<=17.012.30205 | |
| Adobe Acrobat Reader | >=17.011.30059<=17.012.30205 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.005.30314 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.005.30314 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.005.30311 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.005.30311 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-28837?
CVE-2022-28837 has been rated as a high-severity vulnerability due to the potential disclosure of sensitive memory.
How do I fix CVE-2022-28837?
To fix CVE-2022-28837, update Adobe Acrobat DC or Adobe Acrobat Reader DC to the latest versions provided by Adobe.
What versions are affected by CVE-2022-28837?
CVE-2022-28837 affects Adobe Acrobat Pro DC version 22.001.2011x and earlier, as well as several earlier versions of Adobe Acrobat Reader.
What type of vulnerability is CVE-2022-28837?
CVE-2022-28837 is classified as a use-after-free vulnerability, which can lead to the exposure of sensitive information.
Can an attacker exploit CVE-2022-28837 remotely?
Yes, an attacker could exploit CVE-2022-28837 remotely to bypass security mitigations and access sensitive information.
- agent/type
- agent/author
- agent/references
- agent/description
- agent/weakness
- agent/title
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat
- version/adobe acrobat/15.008.20082
- version/adobe acrobat/22.001.20085
- canonical/adobe acrobat reader
- version/adobe acrobat reader/15.008.20082
- version/adobe acrobat reader/22.001.20085
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows
- version/adobe acrobat reader/17.011.30059
- version/adobe acrobat reader/17.012.30205
- version/adobe acrobat reader/20.001.30005
- version/adobe acrobat reader/20.005.30314
- version/adobe acrobat reader/20.005.30311