CVE-2022-35702 Adobe Bridge versions 12.0.2 and 11.1.3 are affected by an out-of-bounds read vulnerability in parsing a crafted file. This could result in a read past the end of an allocated memory structure.

Adobe recommends application of the standard information security principles to defend against attack. These include identification of vulnerabilities and hardening of software to prevent attacks.
These were the recommended actions that Adobe recommends be taken to address the issue: Upgrade to version 11.1.4 or later.

Apply the updates provided by the vendor of the affected software.

For Adobe Reader: - Enable click-to- activate install security. https://helpx.adobe.com/security/current.html - Apply recommended mitigations for CVE-2016-2836. https://helpx.adobe.com/security/known- vulnerabilities.html - Restrict access to Adobe Reader via multi-factor authentication. - Restrict access to the file system where the Reader is installed. - Apply device level hardening to disable installation of unverified software. - Restrict access to the device via a secure network.

References br

- https://helpx.adobe.com/security/current.html
- https://helpx.adobe.com/security/known- vulnerabilities.html
- https://helpx.adobe.com/security/recommended- mitigations.html
- https://helpx.adobe.com/security/device- level-hardening

Timeline

Published on: 09/19/2022 16:15:00 UTC
Last modified on: 09/21/2022 13:13:00 UTC

References

• https://helpx.adobe.com/security/products/bridge/apsb22-49.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35702