Issued: Tuesday, 17 May, 2022 |
Last Revision: Tuesday, 17 May, 2022 |
Vendor: |
Product: |
Severity Level: |
Adobe has issued security update for May 2022, which address multiple critical and important vulnerabilities in its products. It appears that none of Adobe's bugs fixed in this month are publicly known or under active attack.
Adobe products that are patched in this month security update includes- FrameMaker document processor, the InCopy, InDesign suites, the Character Animator motion capture tool and the Adobe ColdFusion platform.
Adobe has fixed problem of Out-of-bounds Write, Out-of-bounds Read, Use After Free and Cross-site Scripting.
Organizations are strongly encouraged to review and apply appropriate update using the vendor provided instruction in the “Solution” section of Adobe security bulletin, particularly patches for critical vulnerabilities.
CVE/Vulnerability | Description | Severity |
CVE-2022-28819 | Out-of-bounds Write | Critical |
CVE-2022-28818 | Cross-site Scripting | Important |
CVE-2022-28831 | Out-of-bounds Write | Critical |
CVE-2022-28832 | Out-of-bounds Read | Critical |
CVE-2022-28833 | Out-of-bounds Write | Critical |
Multiple Vulnerabilities | Out-of-bounds Write, Read and Use After Free | Critical |
CVE-2022-28834 | Out-of-bounds Write | Critical |
CVE-2022-28835 | Use After Free | Critical |
CVE-2022-28836 | Out-of-bounds Write | Critical |
Table 1: Vulnerability details
Affected Product(s) | Version | Platform |
Character Animator 2021 | 4.4.2 and earlier versions | Windows and macOS |
Character Animator 2022 | 22.3 and earlier versions | Windows and macOS |
ColdFusion 2018 | Update 13 and earlier versions | All |
ColdFusion 2021 | Version 3 and earlier versions | All |
Adobe InDesign | 17.1 and earlier versions | Windows and macOS |
Adobe InDesign | 16.4.1 and earlier versions | Windows and macOS |
Adobe Framemaker | 2019 Release Update 8 and earlier | Windows |
Adobe Framemaker | 2020 Release Update 4 and earlier | Windows |
Adobe InCopy | 17.1 and earlier version | Windows and macOS |
Adobe InCopy | 16.4.1 and earlier version | Windows and macOS |
Table 2: Vulnerable versions
Organizations are strongly encouraged to apply appropriate update using the vendor provided instruction as soon as possible.