CVE-2022-34226: Adobe Acrobat Reader DC PDF Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
First published: Fri Jul 15 2022(Updated: )
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat | >=15.008.20082<=22.001.20142 | |
| Adobe Acrobat Reader | >=15.008.20082<=22.001.20142 | |
| Apple iOS and macOS | ||
| Microsoft Windows | ||
| Adobe Acrobat Reader | >=20.001.30005<=20.005.30334 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.005.30334 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.005.30331 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.005.30331 | |
| Adobe Acrobat Reader | >=17.011.30059<=17.012.30229 | |
| Adobe Acrobat Reader | >=17.011.30059<=17.012.30229 | |
| Adobe Acrobat Reader | >=17.011.30059<=17.012.30227 | |
| Adobe Acrobat Reader | >=17.011.30059<=17.012.30227 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-34226?
CVE-2022-34226 is classified as a critical vulnerability due to its potential to allow an attacker to read past the allocated memory.
How do I fix CVE-2022-34226?
To fix CVE-2022-34226, users should upgrade to the latest version of Adobe Acrobat Reader or Acrobat that is not affected by this vulnerability.
Which versions of Adobe Acrobat are affected by CVE-2022-34226?
Versions prior to 22.001.20142 of Adobe Acrobat and Acrobat Reader are affected by CVE-2022-34226.
What systems are impacted by CVE-2022-34226?
CVE-2022-34226 impacts Adobe Acrobat DC and Adobe Acrobat Reader DC, specifically certain versions for both.
Could CVE-2022-34226 lead to data breaches?
Yes, CVE-2022-34226 could potentially allow attackers to exploit the vulnerability for sensitive information exposure.
- agent/type
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/severity
- agent/title
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat
- version/adobe acrobat/15.008.20082
- version/adobe acrobat/22.001.20142
- canonical/adobe acrobat reader
- version/adobe acrobat reader/15.008.20082
- version/adobe acrobat reader/22.001.20142
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows
- version/adobe acrobat reader/20.001.30005
- version/adobe acrobat reader/20.005.30334
- version/adobe acrobat reader/20.005.30331
- version/adobe acrobat reader/17.011.30059
- version/adobe acrobat reader/17.012.30229
- version/adobe acrobat reader/17.012.30227