CVE-2022-44519: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file (NVD).

The vulnerability is classified as a Use After Free (CWE-416) issue with a CVSS base score of 5.5 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). The specific flaw exists within handling of Highlight Annotations. The issue results from the lack of validating the existence of an object prior to performing operations on the object (ZDI Advisory).

The vulnerability could lead to disclosure of sensitive memory and could potentially be leveraged to bypass security mitigations such as ASLR (Address Space Layout Randomization). An attacker can leverage this vulnerability in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (Adobe Security).

Adobe has released security updates to address this vulnerability. Users can update their software installations by choosing Help > Check for Updates, or the products will update automatically when updates are detected. For IT administrators in managed environments, updates can be deployed via preferred methodologies such as AIP-GPO, bootstrapper, SCUP/SCCM for Windows, or Apple Remote Desktop and SSH for macOS (Adobe Security).