SB2022041255 - Multiple vulnerabilities in Adobe Acrobat and Reader
Published: April 12, 2022 Updated: May 26, 2023
Description
This security bulletin contains information about 73 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2022-28255)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
2) Use-after-free (CVE-ID: CVE-2022-28242)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
3) Out-of-bounds read (CVE-ID: CVE-2022-28243)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds read and execute arbitrary code on the target system.
4) Security restrictions bypass (CVE-ID: CVE-2022-28244)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a design error when handling PDF files. A remote attacker can trick the victim to open a specially crafted PDF file and gain access to sensitive information.
5) Out-of-bounds read (CVE-ID: CVE-2022-28245)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
6) Out-of-bounds read (CVE-ID: CVE-2022-28246)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
7) Improper integrity check (CVE-ID: CVE-2022-28247)
The vulnerability allows a local user to escalate privileges on the system.
8) Out-of-bounds read (CVE-ID: CVE-2022-28248)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
9) Out-of-bounds read (CVE-ID: CVE-2022-28249)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
10) Use-after-free (CVE-ID: CVE-2022-28250)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file and read memory contents on the system.
11) Out-of-bounds read (CVE-ID: CVE-2022-28251)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
12) Out-of-bounds read (CVE-ID: CVE-2022-28252)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
13) Out-of-bounds read (CVE-ID: CVE-2022-28253)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
14) Out-of-bounds read (CVE-ID: CVE-2022-28254)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
15) Use-after-free (CVE-ID: CVE-2022-28256)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file and read memory contents on the system.
16) Use-after-free (CVE-ID: CVE-2022-28240)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when handling Annotation objects in PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
17) Out-of-bounds read (CVE-ID: CVE-2022-28257)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
18) Out-of-bounds read (CVE-ID: CVE-2022-28258)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
19) Out-of-bounds read (CVE-ID: CVE-2022-28259)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
20) Out-of-bounds read (CVE-ID: CVE-2022-28260)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
21) Out-of-bounds read (CVE-ID: CVE-2022-28261)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
22) Out-of-bounds read (CVE-ID: CVE-2022-28262)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
23) Out-of-bounds read (CVE-ID: CVE-2022-28263)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
24) Out-of-bounds read (CVE-ID: CVE-2022-28264)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
25) Out-of-bounds read (CVE-ID: CVE-2022-28265)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
26) Out-of-bounds read (CVE-ID: CVE-2022-28266)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
27) Out-of-bounds read (CVE-ID: CVE-2022-28267)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
28) Out-of-bounds read (CVE-ID: CVE-2022-28268)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and read memory contents on the system.
29) Use-after-free (CVE-ID: CVE-2022-28269)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file and read memory contents on the system.
30) Out-of-bounds read (CVE-ID: CVE-2022-28241)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds read and execute arbitrary code on the target system.
31) Out-of-bounds read (CVE-ID: CVE-2022-28239)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds read and execute arbitrary code on the target system.
32) Use-after-free (CVE-ID: CVE-2022-24101)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file and read memory contents on the system.
33) Use-after-free (CVE-ID: CVE-2022-27795)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
34) Use-after-free (CVE-ID: CVE-2022-24103)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
35) Use-after-free (CVE-ID: CVE-2022-24104)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
36) Use-after-free (CVE-ID: CVE-2022-27785)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
37) Use-after-free (CVE-ID: CVE-2022-24102)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
38) Use-after-free (CVE-ID: CVE-2022-27786)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
39) Out-of-bounds write (CVE-ID: CVE-2022-27787)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
40) Out-of-bounds write (CVE-ID: CVE-2022-27788)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
41) Use-after-free (CVE-ID: CVE-2022-27789)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
42) Use-after-free (CVE-ID: CVE-2022-27790)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
43) Stack-based buffer overflow (CVE-ID: CVE-2022-27791)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
44) Out-of-bounds write (CVE-ID: CVE-2022-27792)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
45) Out-of-bounds write (CVE-ID: CVE-2022-27793)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
46) Access of uninitialized pointer (CVE-ID: CVE-2022-27794)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger memory corruption and execute arbitrary code on the target system.
47) Use-after-free (CVE-ID: CVE-2022-27796)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
48) Use-after-free (CVE-ID: CVE-2022-28238)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
49) Use-after-free (CVE-ID: CVE-2022-27797)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
50) Out-of-bounds write (CVE-ID: CVE-2022-27798)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
51) Use-after-free (CVE-ID: CVE-2022-27799)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
52) Use-after-free (CVE-ID: CVE-2022-27800)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
53) Use-after-free (CVE-ID: CVE-2022-27801)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
54) Use-after-free (CVE-ID: CVE-2022-27802)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
55) Use-after-free (CVE-ID: CVE-2022-28230)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
56) Out-of-bounds read (CVE-ID: CVE-2022-28231)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds read and execute arbitrary code on the target system.
57) Use-after-free (CVE-ID: CVE-2022-28232)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
58) Use-after-free (CVE-ID: CVE-2022-28233)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
59) Heap-based buffer overflow (CVE-ID: CVE-2022-28234)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a heap-based buffer overflow and execute arbitrary code on the system.
60) Use-after-free (CVE-ID: CVE-2022-28235)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
61) Out-of-bounds write (CVE-ID: CVE-2022-28236)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
62) Use-after-free (CVE-ID: CVE-2022-28237)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
63) Use-after-free (CVE-ID: CVE-2022-28838)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
64) Use-after-free (CVE-ID: CVE-2022-28837)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file and read memory contents on the system.
65) Out-of-bounds read (CVE-ID: CVE-2022-44516)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling Annotation lineWidth. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
66) Out-of-bounds read (CVE-ID: CVE-2022-44517)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling Annotation objects. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
67) Use-after-free (CVE-ID: CVE-2022-44514)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error when parsing embedded fonts. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
68) Out-of-bounds read (CVE-ID: CVE-2022-44515)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when parsing embedded fonts. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
69) Out-of-bounds write (CVE-ID: CVE-2022-44513)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
70) Out-of-bounds write (CVE-ID: CVE-2022-44512)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
71) Use-after-free (CVE-ID: CVE-2022-44520)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error when handling Highlight Annotation noView. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
72) Use-after-free (CVE-ID: CVE-2022-44519)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a use-after-free error when handling Annotation Highlight popupOpen. A remote attacker can trick the victim to open a specially crafted PDF file and gain access to sensitive information.
73) Use-after-free (CVE-ID: CVE-2022-44518)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error when handling Annotation Highlight delay. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Remediation
Install the update from the vendor's website.
References
- https://helpx.adobe.com/security/products/acrobat/apsb22-16.html
- https://www.zerodayinitiative.com/advisories/ZDI-22-693/
- https://www.zerodayinitiative.com/advisories/ZDI-23-732/
- https://www.zerodayinitiative.com/advisories/ZDI-23-733/
- https://www.zerodayinitiative.com/advisories/ZDI-23-739/
- https://www.zerodayinitiative.com/advisories/ZDI-23-740/
- https://www.zerodayinitiative.com/advisories/ZDI-23-738/
- https://www.zerodayinitiative.com/advisories/ZDI-23-737/
- https://www.zerodayinitiative.com/advisories/ZDI-23-736/
- https://www.zerodayinitiative.com/advisories/ZDI-23-735/
- https://www.zerodayinitiative.com/advisories/ZDI-23-734/