Bulletin ID
Last updated on
Security Updates Available for Adobe FrameMaker | APSB22-42
|
|
Date Published |
Priority |
|---|---|---|
|
APSB22-42 |
August 9, 2022 |
3 |
Summary
Affected Versions
|
Product |
Version |
Platform |
|---|---|---|
|
Adobe FrameMaker |
2019 Release Update 8 and earlier |
Windows |
|
Adobe FrameMaker |
2020 Release Update 4 and earlier |
Windows |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Vulnerability details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Numbers |
|
|---|---|---|---|---|---|
|
Out-of-bounds Read (CWE-125) |
Memory leak |
Important |
5.5 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
CVE-2022-34264 |
|
Out-of-bounds Read (CWE-125) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2022-35673 |
|
Out-of-bounds Read (CWE-125) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2022-35674 |
|
Use After Free (CWE-416) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2022-35675 |
|
Heap-based Buffer Overflow (CWE-122) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2022-35676 |
|
Heap-based Buffer Overflow (CWE-122) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2022-35677 |
Acknowledgments
Adobe would like to thank the following Initiative for reporting the relevant issues and for working with Adobe to help protect our customers:
- Mat Powell of Trend Micro Zero Day Initiative-- CVE-2022-34264, CVE-2022-35673, CVE-2022-35674, CVE-2022-35675, CVE-2022-35676, CVE-2022-35677
Revisions
January 05, 2022: Tech Note linked to proper page
September 22, 2021: Included details for CVE-2021-39862 and CVE-2021-39865.
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com