CVE-2022-28269: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of Annotation objects that could result in a memory leak in the context of the current user. The vulnerability was discovered and reported on March 30, 2022, and requires user interaction as the victim must open a malicious file to trigger the exploit (NVD, CVE).

The vulnerability is classified as a use-after-free (CWE-416) issue that occurs during the processing of Annotation objects. It has been assigned a CVSS v3.0 base score of 3.3 (LOW) with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N, and a CVSS v2.0 base score of 4.3 (MEDIUM) with the vector (AV:N/AC:M/Au:N/C:P/I:N/A:N) (NVD).

The exploitation of this vulnerability could result in a memory leak in the context of the current user. While the direct impact is limited to information disclosure, it could potentially be used by attackers to bypass security mitigations (NVD).

Adobe has released security updates to address this vulnerability. Users should update their Adobe Acrobat and Reader installations to the latest versions available (Adobe Advisory).