What is the severity of CVE-2022-35672?

The severity of CVE-2022-35672 is considered high due to its potential for exploitation via crafted files.

How do I fix CVE-2022-35672?

To fix CVE-2022-35672, update Adobe Acrobat Reader to version 22.001.20086 or later, or 20.005.30315 or later.

What versions of Adobe Acrobat Reader are affected by CVE-2022-35672?

Affected versions include Adobe Acrobat Reader versions 22.001.20085 and earlier, 20.005.30314 and earlier, and 17.012.30205 and earlier.

Can CVE-2022-35672 be exploited remotely?

Yes, CVE-2022-35672 can potentially be exploited remotely by tricking users into opening a crafted PDF file.

What are the potential impacts of CVE-2022-35672?

The potential impacts of CVE-2022-35672 include unauthorized access to sensitive data due to out-of-bounds read vulnerabilities.

Vulnerability/
CVE-2022-35672

high

7.8

CWE

125

27/7/2022

16/9/2024

CVE-2022-35672: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

First published: Wed Jul 27 2022(Updated: )

Adobe Acrobat Reader version 22.001.20085 (and earlier), 20.005.30314 (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Apple iOS and macOS
Microsoft Windows
Adobe Acrobat	>=15.008.20082<=22.001.20085
Adobe Acrobat Reader	>=15.008.20082<=22.001.20085
Adobe Acrobat Reader	>=20.001.30005<=20.005.30314
Adobe Acrobat Reader	>=20.001.30005<=20.005.30314
Adobe Acrobat Reader	>=20.001.30005<=20.005.30311
Adobe Acrobat Reader	>=20.001.30005<=20.005.30311
Adobe Acrobat Reader	>=17.011.30059<=17.012.30205
Adobe Acrobat Reader	>=17.011.30059<=17.012.30205

Never miss a vulnerability like this again

Reference Links

https://helpx.adobe.com/security/products/acrobat/apsb22-16.html

Frequently Asked Questions

What is the severity of CVE-2022-35672?
The severity of CVE-2022-35672 is considered high due to its potential for exploitation via crafted files.
How do I fix CVE-2022-35672?
To fix CVE-2022-35672, update Adobe Acrobat Reader to version 22.001.20086 or later, or 20.005.30315 or later.
What versions of Adobe Acrobat Reader are affected by CVE-2022-35672?
Affected versions include Adobe Acrobat Reader versions 22.001.20085 and earlier, 20.005.30314 and earlier, and 17.012.30205 and earlier.
Can CVE-2022-35672 be exploited remotely?
Yes, CVE-2022-35672 can potentially be exploited remotely by tricking users into opening a crafted PDF file.
What are the potential impacts of CVE-2022-35672?
The potential impacts of CVE-2022-35672 include unauthorized access to sensitive data due to out-of-bounds read vulnerabilities.

agent/type
agent/weakness
agent/references
agent/description
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/title
agent/first-publish-date
agent/event
agent/source
agent/author
agent/softwarecombine
agent/tags
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-index
vendor/apple
canonical/apple ios and macos
vendor/microsoft
canonical/microsoft windows
vendor/adobe
canonical/adobe acrobat
version/adobe acrobat/15.008.20082
version/adobe acrobat/22.001.20085
canonical/adobe acrobat reader
version/adobe acrobat reader/15.008.20082
version/adobe acrobat reader/22.001.20085
version/adobe acrobat reader/20.001.30005
version/adobe acrobat reader/20.005.30314
version/adobe acrobat reader/20.005.30311
version/adobe acrobat reader/17.011.30059
version/adobe acrobat reader/17.012.30205