=================================================================== CERT-Renater Note d'Information No. 2022/VULN269 _____________________________________________________________________ DATE : 11/08/2022 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Adobe FrameMaker ====================================================================https://helpx.adobe.com/security/products/framemaker/apsb22-42.html _____________________________________________________________________ Security Updates Available for Adobe FrameMaker | APSB22-42 Bulletin ID Date Published Priority APSB22-42 August 9, 2022    3 Summary Adobe has released a security update for Adobe FrameMaker. This update addresses multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak.              Affected Versions Product Version Platform Adobe FrameMaker 2019 Release Update 8 and earlier Windows Adobe FrameMaker 2020 Release Update 4 and earlier    Windows Solution Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version: Product Version Platform Priority Availability Adobe FrameMaker FrameMaker v15.0.8 (2019) Windows 3 Tech note Adobe FrameMaker FrameMaker v16.0.4 (2020) Windows 3 Tech note Vulnerability details Vulnerability Category Vulnerability Impact Severity CVSS base score CVSS vector CVE Numbers Out-of-bounds Read (CWE-125) Memory leak Important 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-34264 Out-of-bounds Read (CWE-125) Arbitrary code execution Critical 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-35673 Out-of-bounds Read (CWE-125) Arbitrary code execution Critical 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-35674 Use After Free (CWE-416) Arbitrary code execution Critical 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-35675 Heap-based Buffer Overflow (CWE-122) Arbitrary code execution Critical 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-35676 Heap-based Buffer Overflow (CWE-122) Arbitrary code execution Critical 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-35677 Acknowledgments Adobe would like to thank the following Initiative for reporting the relevant issues and for working with Adobe to help protect our customers: Mat Powell of Trend Micro Zero Day Initiative-- CVE-2022-34264, CVE-2022-35673, CVE-2022-35674, CVE-2022-35675, CVE-2022-35676, CVE-2022-35677 For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com ========================================================+ CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + ======================================================= --------------sw4kjBhi3NlPeo0X7WRayxzL--