CVE-2022-35678: Out-of-bounds Read (CWE-125) in Adobe Acrobat Reader

Severity: Medium
Published: Thu Aug 11 2022 (08/11/2022, 14:44:26 UTC)
Source: CVE
Vendor/Project: Adobe
Product: Acrobat Reader

Description

Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AI-Powered Analysis

Last updated: 06/22/2025, 23:52:10 UTC

Technical Analysis

CVE-2022-35678 is an out-of-bounds read vulnerability (CWE-125) affecting multiple versions of Adobe Acrobat Reader, specifically versions 22.001.20169 and earlier, 20.005.30362 and earlier, and 17.012.30249 and earlier. This vulnerability allows an attacker to read memory outside the intended buffer boundaries, potentially disclosing sensitive information from the process memory space. Such information disclosure can be leveraged to bypass security mitigations like Address Space Layout Randomization (ASLR), which is designed to prevent exploitation by randomizing memory addresses. Exploitation requires user interaction, as the victim must open a crafted malicious PDF file. There are no known exploits in the wild as of the published date, and Adobe has not yet released patches for this vulnerability. The nature of the vulnerability implies that an attacker could gain insights into memory layout or sensitive data, which could be a stepping stone for further exploitation or privilege escalation. The vulnerability affects a widely used application, Adobe Acrobat Reader, which is prevalent in both personal and enterprise environments worldwide, including Europe. Given the requirement for user interaction and no direct remote code execution, the immediate risk is moderate, but the potential for escalation exists if combined with other vulnerabilities or attack vectors.

Potential Impact

For European organizations, the impact of CVE-2022-35678 can be significant due to the widespread use of Adobe Acrobat Reader in business, government, and critical infrastructure sectors. Disclosure of sensitive memory could lead to leakage of confidential information, such as cryptographic keys, credentials, or other sensitive data residing in memory. This could facilitate subsequent targeted attacks, including privilege escalation or lateral movement within networks. Organizations handling sensitive data, such as financial institutions, healthcare providers, and government agencies, are at higher risk. The necessity for user interaction means phishing or social engineering campaigns could be used to deliver malicious PDFs, increasing the threat surface. Additionally, bypassing ASLR weakens the overall security posture, potentially enabling more sophisticated exploits. The absence of known exploits in the wild currently limits immediate widespread impact, but the vulnerability remains a concern until patched, especially in environments with less stringent user awareness or outdated software management practices.

Mitigation Recommendations

1. Immediate deployment of the latest available Adobe Acrobat Reader versions once Adobe releases patches addressing CVE-2022-35678 is critical.
2. Until patches are available, organizations should implement strict email filtering and attachment scanning to detect and block malicious PDFs.
3. Employ application whitelisting and restrict execution of untrusted PDF files, especially from external sources.
4. Enhance user awareness training focusing on phishing and social engineering tactics that could deliver malicious PDFs.
5. Utilize endpoint detection and response (EDR) solutions to monitor for anomalous behavior related to Acrobat Reader processes.
6. Consider disabling or restricting JavaScript execution within Acrobat Reader, as it can be used to trigger or facilitate exploitation.
7. Network segmentation to limit the impact of a compromised endpoint and reduce lateral movement opportunities.
8. Regularly audit and inventory installed software versions across the organization to identify and remediate outdated Acrobat Reader installations promptly.
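The software audit in recommendation 8 can be run against an exported inventory, as in this added example (not part of the original advisory and not Adobe code). It compares each reported version with the last affected build the description gives for its release line. Assumptions: a build number of the form 20xxx marks the Continuous track and 30xxx a Classic track; the hostnames and any version not quoted in the advisory are constructed sample data; "not-listed" only means the build is above the advisory's stated range.

```python
import re

# Last affected build per release line, copied from the advisory text.
LAST_AFFECTED = {
    "continuous": (22, 1, 20169),
    "classic-2020": (20, 5, 30362),
    "classic-2017": (17, 12, 30249),
}
VERSION_RE = re.compile(r"^(\d{2,4})\.(\d{3})\.(\d{5})$")
# Constructed inventory rows (hostname, reported version); not real data.
INVENTORY = [
    ("ws-001", "22.001.20169"), ("ws-002", "22.002.20191"),
    ("ws-003", "20.013.20074"), ("ws-004", "20.005.30362"),
    ("ws-005", "17.012.30262"), ("ws-006", "15.006.30527"),
    ("ws-007", "unknown"),
]


def parse_version(text):
    """Parse '22.001.20169' or '2022.001.20169' into a tuple of ints."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Acrobat version string: {text!r}")
    major, minor, build = (int(g) for g in m.groups())
    return (major % 100, minor, build)  # 2022 -> 22


def release_line(version):
    """ASSUMPTION: build 30xxx means Classic track, 20xxx means Continuous."""
    lead = version[2] // 10000
    if lead == 3:
        return f"classic-20{version[0]:02d}"
    return "continuous" if lead == 2 else "unknown"


def classify(text):
    """Return 'affected', 'not-listed' or 'review' for one version string."""
    try:
        version = parse_version(text)
    except ValueError:
        return "review"  # unparseable inventory value
    limit = LAST_AFFECTED.get(release_line(version))
    if limit is None:
        return "review"  # release line the advisory does not mention
    return "affected" if version <= limit else "not-listed"


def audit(rows):
    return {host: classify(version) for host, version in rows}
```

Hosts that come back as "review" run a release line the advisory does not name or reported an unparseable version, so they need a manual check rather than being treated as safe.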

Technical Details

Data Version: 5.1
Assigner Short Name: adobe
Date Reserved: 2022-07-12T00:00:00.000Z
Cisa Enriched: true

Threat ID: 682d9844c4522896dcbf3b41

Added to database: 5/21/2025, 9:09:24 AM

Last enriched: 6/22/2025, 11:52:10 PM

Last updated: 7/29/2025, 7:26:11 PM
