CVE-2022-35703: 
Adobe Bridge vulnerability analysis and mitigation

Adobe Bridge versions 12.0.2 (and earlier) and 11.1.3 (and earlier) were affected by an out-of-bounds read vulnerability when parsing crafted files. The vulnerability was discovered in April 2022 and publicly disclosed on September 19, 2022. This security flaw was assigned CVE-2022-35703 and required user interaction, specifically opening a malicious file, to be exploited (Adobe Security, NVD).

The vulnerability is specifically related to the parsing of SVG files in Adobe Bridge. The flaw exists as an out-of-bounds read vulnerability that can trigger a read past the end of an allocated buffer when parsing crafted files. The vulnerability received a CVSS score of 7.8 (Critical) with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI Advisory, Adobe Security).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. The impact is particularly severe as it could result in reading past the end of an allocated memory structure, potentially leading to code execution with the privileges of the current user (NVD, ZDI Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Bridge to mitigate this security risk. The fix was included in the security bulletin APSB22-49 (Adobe Security).