CVE-2022-34234: Adobe Acrobat Reader DC Doc printWithParams Use-After-Free Information Disclosure Vulnerability
First published: Fri Jul 15 2022(Updated: )
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader DC | >=15.008.20082<=22.001.20142 | |
| Adobe Acrobat Reader | >=15.008.20082<=22.001.20142 | |
| macOS | ||
| Microsoft Windows Operating System | ||
| Adobe Acrobat Reader | >=20.001.30005<=20.005.30334 | |
| Adobe Acrobat Reader Notification Manager | >=20.001.30005<=20.005.30334 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.005.30331 | |
| Adobe Acrobat Reader Notification Manager | >=20.001.30005<=20.005.30331 | |
| Adobe Acrobat Reader | >=17.011.30059<=17.012.30229 | |
| Adobe Acrobat Reader Notification Manager | >=17.011.30059<=17.012.30229 | |
| Adobe Acrobat Reader | >=17.011.30059<=17.012.30227 | |
| Adobe Acrobat Reader Notification Manager | >=17.011.30059<=17.012.30227 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-34234?
CVE-2022-34234 is rated as critical due to its potential for sensitive memory disclosure.
How do I fix CVE-2022-34234?
To mitigate CVE-2022-34234, users should update Adobe Acrobat Reader to the latest version beyond 22.001.20142.
Which versions are affected by CVE-2022-34234?
CVE-2022-34234 affects Adobe Acrobat Reader versions prior to 22.001.20142, 20.005.30334, and 17.012.30229.
What type of vulnerability is CVE-2022-34234?
CVE-2022-34234 is classified as a Use After Free vulnerability.
Can CVE-2022-34234 be exploited remotely?
Yes, CVE-2022-34234 can be exploited remotely, potentially allowing attackers to bypass security mitigations.
- agent/type
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/severity
- agent/title
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader dc
- version/adobe acrobat reader dc/15.008.20082
- version/adobe acrobat reader dc/22.001.20142
- canonical/adobe acrobat reader
- version/adobe acrobat reader/15.008.20082
- version/adobe acrobat reader/22.001.20142
- vendor/apple
- canonical/macos
- vendor/microsoft
- canonical/microsoft windows operating system
- version/adobe acrobat reader/20.001.30005
- version/adobe acrobat reader/20.005.30334
- canonical/adobe acrobat reader notification manager
- version/adobe acrobat reader notification manager/20.001.30005
- version/adobe acrobat reader notification manager/20.005.30334
- version/adobe acrobat reader/20.005.30331
- version/adobe acrobat reader notification manager/20.005.30331
- version/adobe acrobat reader/17.011.30059
- version/adobe acrobat reader/17.012.30229
- version/adobe acrobat reader notification manager/17.011.30059
- version/adobe acrobat reader notification manager/17.012.30229
- version/adobe acrobat reader/17.012.30227
- version/adobe acrobat reader notification manager/17.012.30227