CVE-2022-44515: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

CVE-2022-44515 is an out-of-bounds read vulnerability affecting Adobe Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier), and 17.012.30205 (and earlier). The vulnerability was discovered and disclosed in December 2024, affecting multiple versions of Adobe Acrobat and Reader software across Windows and macOS platforms (NVD Database).

The vulnerability is classified as an out-of-bounds read (CWE-125) issue that occurs when parsing a crafted file, which could result in a read past the end of an allocated memory structure. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating local access requirements and user interaction for exploitation (Adobe Security).

The vulnerability could allow an attacker to bypass security mitigations such as Address Space Layout Randomization (ASLR). The successful exploitation requires user interaction, specifically requiring a victim to open a malicious file (NVD Database).

Adobe has released security updates to address this vulnerability. Users are recommended to update to the latest versions: Acrobat DC Continuous version 22.001.20117 (Windows) or 22.001.20112 (Mac), Acrobat 2020 version 20.005.30334 (Windows) or 20.005.30331 (Mac), and Acrobat 2017 version 17.012.30229 (Windows) or 17.012.30227 (Mac) (Adobe Security).