CVE-2022-28231: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier), and 17.012.30205 (and earlier) were affected by an out-of-bounds read vulnerability when processing a doc object. The vulnerability was discovered and assigned CVE-2022-28231, with the record being created on March 30, 2022 (CVE Details).

The vulnerability is classified as an out-of-bounds read vulnerability that occurs during the processing of Doc objects. The specific flaw exists due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. The vulnerability has been assigned a CVSS score of 3.3 with the vector AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (Zero Day Initiative).

This vulnerability could allow attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. Additionally, attackers could potentially leverage this vulnerability in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (Zero Day Initiative).

Adobe has issued a security update to address this vulnerability. Users are advised to update to the latest version of Adobe Acrobat Reader DC (Adobe Security).