CVE-2022-28239: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier), and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability identified as CVE-2022-28239. The vulnerability was disclosed on May 11, 2022, and affects multiple versions of Adobe Acrobat and Reader across Windows and macOS platforms (NVD).

The vulnerability is classified as an out-of-bounds read issue (CWE-125) that occurs when parsing a crafted file, which could result in a read past the end of an allocated memory structure. The vulnerability has received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and a CVSS v2.0 score of 9.3 (NVD, Adobe Advisory).

If successfully exploited, this vulnerability could allow an attacker to execute code in the context of the current user. The exploitation requires user interaction, specifically requiring a victim to open a malicious file (NVD).

Adobe has released security updates to address this vulnerability. Users should update to the latest versions of their respective Adobe Acrobat and Reader products. For Acrobat DC and Reader DC, update to version 22.001.20112 (Mac) or 22.001.20117 (Windows). For Acrobat 2020 and Reader 2020, update to version 20.005.30331 (Mac) or 20.005.30334 (Windows). For Acrobat 2017 and Reader 2017, update to version 17.012.30227 (Mac) or 17.012.30229 (Windows) (CERT-FR).