Bulletin ID
Security Updates Available for Adobe FrameMaker | APSB23-06
|
Date Published |
Priority |
---|---|---|
APSB23-06 |
February 14, 2023 |
3 |
Summary
Affected Versions
Product |
Version |
Platform |
---|---|---|
Adobe FrameMaker |
2020 Release Update 4 and earlier |
Windows |
Adobe FrameMaker |
2022 Release |
Windows |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Vulnerability details
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Numbers |
|
---|---|---|---|---|---|
Use After Free (CWE-416) |
Memory leak |
Important |
5.5 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
CVE-2023-21584 |
Out-of-bounds Write (CWE-787) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2023-21619 |
Out-of-bounds Read (CWE-125) |
Memory leak |
Important |
5.5 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
CVE-2023-21620 |
Improper Input Validation (CWE-20) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2023-21621 |
Out-of-bounds Write (CWE-787) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2023-21622 |
Acknowledgments
Adobe would like to thank the following Initiative for reporting the relevant issues and for working with Adobe to help protect our customers:
- Mat Powell with Trend Micro Zero Day Initiative-- CVE-2023-21584, CVE-2023-21619, CVE-2023-21620, CVE-2023-21621, CVE-2023-21622
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com