CVE-2022-35691: NULL Pointer Dereference (CWE-476) in Adobe Acrobat Reader

Severity: Medium
Published: Fri Oct 14 2022 (10/14/2022, 19:45:29 UTC)
Source: CVE
Vendor/Project: Adobe
Product: Acrobat Reader

Description

Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AI-Powered Analysis

Last updated: 06/22/2025, 16:50:22 UTC

Technical Analysis

CVE-2022-35691 is a vulnerability identified in Adobe Acrobat Reader versions 22.002.20212 and earlier, as well as 20.005.30381 and earlier. The issue is classified as a NULL Pointer Dereference (CWE-476), which occurs when the application attempts to read or write to a memory location through a pointer that has not been properly initialized or has been set to NULL. This results in an application crash, leading to a denial-of-service (DoS) condition within the context of the current user. The vulnerability can be exploited by an unauthenticated attacker but requires user interaction, specifically the victim opening a maliciously crafted PDF file. Upon opening such a file, the Acrobat Reader process may crash, disrupting the user's ability to use the application until it is restarted. There are no known exploits in the wild at the time of this analysis, and no official patches have been linked or released yet. The vulnerability does not allow for code execution or privilege escalation but impacts availability by causing application instability. The attack surface is limited to users who open malicious PDF documents, which is a common vector for social engineering attacks. Given the widespread use of Adobe Acrobat Reader in both personal and enterprise environments, this vulnerability poses a moderate risk primarily through disruption rather than data compromise or system takeover.

Potential Impact

For European organizations, the primary impact of CVE-2022-35691 is the potential disruption of business operations due to application crashes when users open malicious PDF files. This can affect productivity, especially in sectors heavily reliant on PDF documents for daily workflows such as legal, finance, government, and education. While the vulnerability does not directly compromise confidentiality or integrity, repeated denial-of-service conditions could lead to operational delays and increased support costs. Additionally, attackers could leverage this vulnerability as part of a broader social engineering campaign to cause targeted disruption. Organizations with strict uptime requirements or those using automated PDF processing systems may experience more significant operational impacts. Since exploitation requires user interaction, the risk is mitigated somewhat by user awareness, but phishing campaigns remain a viable attack vector. The lack of known exploits reduces immediate threat levels, but the vulnerability should be addressed promptly to prevent potential future abuse.

Mitigation Recommendations

1. Implement strict email and web filtering to block or quarantine suspicious PDF attachments, reducing the likelihood of users opening malicious files.
2. Educate users to be cautious when opening PDF files from unknown or untrusted sources, emphasizing the risk of denial-of-service and other attacks.
3. Deploy application whitelisting or sandboxing techniques for Acrobat Reader to isolate crashes and prevent broader system impact.
4. Monitor Acrobat Reader processes for abnormal termination patterns that may indicate exploitation attempts, enabling rapid incident response.
5. Maintain up-to-date backups and ensure business continuity plans account for potential application downtime.
6. Regularly check Adobe’s security advisories and apply patches promptly once available to remediate the vulnerability.
7. Consider alternative PDF readers with a lower risk profile or enhanced security features in high-risk environments.
8. Use endpoint detection and response (EDR) tools to detect anomalous behavior related to PDF file handling.

These measures go beyond generic advice by focusing on reducing attack surface through filtering, user training, process monitoring, and proactive incident readiness.
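One way to implement the process monitoring in recommendation 4, as an added example that is not part of the original advisory or any Adobe tooling: it scans flattened Windows "Application Error" (Event ID 1000) records and flags hosts where Reader crashed repeatedly within a short window. The log line layout, host names, process image names and thresholds are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one flattened Event ID 1000 record per line (layout is an assumption).
SAMPLE_EVENTS = """\
2022-10-17T09:01:12 host=WS-014 event_id=1000 app=AcroRd32.exe exception=0xc0000005
2022-10-17T09:02:30 host=WS-014 event_id=1000 app=WINWORD.EXE exception=0xc0000005
2022-10-17T09:03:40 host=WS-014 event_id=1000 app=AcroRd32.exe exception=0xc0000005
2022-10-17T09:07:05 host=WS-014 event_id=1000 app=AcroRd32.exe exception=0xc0000005
2022-10-17T09:15:00 host=WS-022 event_id=1000 app=AcroRd32.exe exception=0xc0000005
2022-10-17T10:00:00 host=WS-031 event_id=1000 app=Acrobat.exe exception=0xc0000005
2022-10-17T10:20:00 host=WS-031 event_id=1000 app=Acrobat.exe exception=0xc0000005
2022-10-17T10:40:00 host=WS-031 event_id=1000 app=Acrobat.exe exception=0xc0000005
"""

READER_IMAGES = {"acrord32.exe", "acrobat.exe"}  # assumed Reader process image names
ACCESS_VIOLATION = "0xc0000005"  # exception code a NULL dereference raises on Windows
LINE = re.compile(
    r"(?P<ts>\S+) host=(?P<host>\S+) event_id=(?P<eid>\d+) "
    r"app=(?P<app>\S+) exception=(?P<exc>\S+)"
)

def reader_crashes(text):
    """Yield (host, timestamp) for Reader access-violation crash records."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["eid"] != "1000":
            continue
        if m["app"].lower() in READER_IMAGES and m["exc"].lower() == ACCESS_VIOLATION:
            yield m["host"], datetime.fromisoformat(m["ts"])

def crash_bursts(text, threshold=3, window=timedelta(minutes=10)):
    """Return {host: (burst_start, count)} for hosts with >= threshold crashes in window."""
    by_host = defaultdict(list)
    for host, ts in reader_crashes(text):
        by_host[host].append(ts)
    alerts = {}
    for host, stamps in by_host.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:  # slide window forward
                start += 1
            count = end - start + 1
            if count >= threshold and count > alerts.get(host, (None, 0))[1]:
                alerts[host] = (stamps[start], count)
    return alerts

if __name__ == "__main__":
    for host, (first, count) in crash_bursts(SAMPLE_EVENTS).items():
        print(f"{host}: {count} Reader crashes starting {first.isoformat()}")
```

A burst on one host is a cue to identify which document the user opened before the first crash and to quarantine it for analysis.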


Technical Details

Data Version: 5.1
Assigner Short Name: adobe
Date Reserved: 2022-07-12T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9845c4522896dcbf44f7

Added to database: 5/21/2025, 9:09:25 AM

Last enriched: 6/22/2025, 4:50:22 PM

Last updated: 8/1/2025, 4:25:28 AM
