CVE-2022-34228: Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability
First published: Fri Jul 15 2022(Updated: )
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat | >=15.008.20082<=22.001.20142 | |
| Adobe Acrobat Reader | >=15.008.20082<=22.001.20142 | |
| Apple iOS and macOS | ||
| Microsoft Windows | ||
| Adobe Acrobat Reader | >=20.001.30005<=20.005.30334 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.005.30334 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.005.30331 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.005.30331 | |
| Adobe Acrobat Reader | >=17.011.30059<=17.012.30229 | |
| Adobe Acrobat Reader | >=17.011.30059<=17.012.30229 | |
| Adobe Acrobat Reader | >=17.011.30059<=17.012.30227 | |
| Adobe Acrobat Reader | >=17.011.30059<=17.012.30227 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-34228?
CVE-2022-34228 is considered a critical vulnerability due to the potential for arbitrary code execution.
How do I fix CVE-2022-34228?
To resolve CVE-2022-34228, update Adobe Acrobat Reader to the latest version that addresses this vulnerability.
Which versions of Adobe Acrobat Reader are affected by CVE-2022-34228?
CVE-2022-34228 affects Adobe Acrobat Reader versions 22.001.20142 and earlier, 20.005.30334 and earlier, and 17.012.30229 and earlier.
What type of vulnerability is CVE-2022-34228?
CVE-2022-34228 is an Access of Uninitialized Pointer vulnerability.
Can CVE-2022-34228 be exploited remotely?
Yes, exploitation of CVE-2022-34228 can occur in the context of the current user, potentially allowing remote code execution.
- agent/type
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/severity
- agent/title
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/adobe
- canonical/adobe acrobat
- version/adobe acrobat/15.008.20082
- version/adobe acrobat/22.001.20142
- canonical/adobe acrobat reader
- version/adobe acrobat reader/15.008.20082
- version/adobe acrobat reader/22.001.20142
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows
- version/adobe acrobat reader/20.001.30005
- version/adobe acrobat reader/20.005.30334
- version/adobe acrobat reader/20.005.30331
- version/adobe acrobat reader/17.011.30059
- version/adobe acrobat reader/17.012.30229
- version/adobe acrobat reader/17.012.30227