CVE-2022-35677: 
Adobe Framemaker vulnerability analysis and mitigation

Adobe FrameMaker for Windows was found to contain a heap-based buffer overflow vulnerability (CVE-2022-35677) that was disclosed on August 9, 2022. The vulnerability affects Adobe FrameMaker 2019 Release Update 8 and earlier versions, as well as FrameMaker 2020 Release Update 4 and earlier versions (Adobe Security).

The vulnerability exists within the parsing of SVG files and results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. The vulnerability has been assigned a CVSS base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating a high severity level (ZDI Advisory).

If successfully exploited, this vulnerability allows remote attackers to execute arbitrary code in the context of the current process on affected installations of Adobe FrameMaker. The high CVSS score indicates potential severe impacts on the confidentiality, integrity, and availability of the affected system (ZDI Advisory).

Adobe has released updates to address this vulnerability. Users of Adobe FrameMaker 2019 should update to version 15.0.8, and FrameMaker 2020 users should update to version 16.0.4. The updates are available through Adobe's official channels (Lansweeper Blog).