First published: Tue Sep 13 2022(Updated: )
Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Incopy | >=16.0<=16.4.2 | |
Adobe Incopy | >=17.0<=17.3 | |
Apple macOS | ||
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Adobe InCopy vulnerability is CVE-2022-38407.
Adobe InCopy versions 16.0 through 16.4.2, as well as versions 17.0 through 17.3, are affected by this vulnerability.
The severity rating of the CVE-2022-38407 vulnerability is Medium, with a severity value of 5.5.
This vulnerability could lead to the disclosure of sensitive memory and allow an attacker to bypass mitigations such as ASLR.
To fix the CVE-2022-38407 vulnerability, update Adobe InCopy to a version later than 17.3 or 16.4.2, depending on the affected version.