CVE-2022-35691: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader versions 22.002.20212 and earlier, along with version 20.005.30381 and earlier, were affected by a NULL Pointer Dereference vulnerability identified as CVE-2022-35691. The vulnerability was disclosed and addressed in November 2022 (Adobe Security).

The vulnerability is classified as a NULL Pointer Dereference issue with a CVSS v3.1 score of 5.5 (Medium severity). The technical assessment indicates it requires local access (AV:L) with low attack complexity (AC:L), no privileges required (PR:N), and user interaction (UI:R). The scope is unchanged (S:U) with no impact on confidentiality (C:N) or integrity (I:N), but high impact on availability (A:H) (Adobe Security).

The vulnerability primarily affects system availability due to its NULL Pointer Dereference nature, with no direct impact on confidentiality or integrity of the system. The CVSS scoring indicates potential for high availability impact if successfully exploited (Adobe Security).

Adobe addressed this vulnerability through security updates, with the fix included in version 22.003.20258. Users are advised to update to the latest version through the provided patch AcrobatDCUpd2300320269.msp (ManageEngine Database).

The vulnerability was discovered and reported by Gil Mansharov (@mansgil) from Mimecast, contributing to Adobe's security improvement efforts (Adobe Security).