CVE-2022-28824: 
Adobe Framemaker vulnerability analysis and mitigation

Adobe Framemaker versions 2019u8 (and earlier) and 2020u4 (and earlier) were affected by a Use-after-free vulnerability identified as CVE-2022-28824. The vulnerability was discovered and reported on February 2, 2022, and publicly disclosed on May 10, 2022. This security flaw specifically relates to the parsing of embedded fonts in Adobe Framemaker (ZDI Advisory, NVD).

The vulnerability is classified as a Use-After-Free (CWE-416) issue that occurs during font parsing operations. The specific flaw exists within the parsing of embedded fonts, resulting from the lack of validation of an object's existence prior to performing operations on it. The vulnerability received a CVSS v3.0 base score of 7.8 (High) with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and a CVSS v2.0 score of 9.3 (NVD, ZDI Advisory).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The attacker could leverage this vulnerability to execute code in the context of the current process, potentially leading to complete system compromise (NVD, ZDI Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Framemaker as detailed in the vendor's security advisory (Adobe Advisory).