CVE-2022-24091

Summary

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file.

Affected Software

VendorProductVersion RangeStatus
AdobeAcrobat Readerunspecified <= 21.007.20099affected
AdobeAcrobat Readerunspecified <= 20.004.30017affected
AdobeAcrobat Readerunspecified <= 17.011.30204affected
AdobeAcrobat Readerunspecified <= Noneaffected

Weaknesses

  • CWE-787: Out-of-bounds Write (CWE-787)

ADP Enrichment

CVE Program Container

Additional References

References