CVE-2022-38437

Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: Oct 14, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-38437
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
adobe / acrobat_dc	15.008.20082	22.003.20258
adobe / acrobat_reader_dc	15.008.20082	22.003.20258
adobe / acrobat	20.001.30005	20.005.30407
adobe / acrobat_reader	20.001.30005	20.005.30407

https://helpx.adobe.com/security/products/acrobat/apsb22-46.html

Vulnerability Database

290,206

CVE-2022-38437