CVE-2026-27301
Received Received - Intake
Heap-Based Buffer Overflow in Adobe FrameMaker Leads to Memory Exposure

Publication date: 2026-04-14

Last updated on: 2026-04-15

Assigner: Adobe Systems Incorporated

Description
Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-14
Last Modified
2026-04-15
Generated
2026-05-07
AI Q&A
2026-04-15
EPSS Evaluated
2026-05-05
NVD
CVE-2026-27301
EUVD
EUVD-2026-22798
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
adobe framemaker to 2022.9 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

Adobe Framemaker versions 2022.8 and earlier contain a heap-based buffer overflow vulnerability. This flaw could allow an attacker to cause memory exposure by exploiting the overflow.

To exploit this vulnerability, an attacker must trick a user into opening a malicious file, which then triggers the memory exposure.


How can this vulnerability impact me? :

This vulnerability can lead to the disclosure of sensitive information stored in memory, potentially exposing confidential data.

Since exploitation requires user interaction, the risk depends on whether a user opens a malicious file crafted by an attacker.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, avoid opening malicious files in Adobe Framemaker versions 2022.8 and earlier, as exploitation requires user interaction by opening a malicious file.

Consider updating Adobe Framemaker to a version later than 2022.8 once a patch is available to address the heap-based buffer overflow vulnerability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

This vulnerability could lead to memory exposure, allowing an attacker to disclose sensitive information stored in memory if a user opens a malicious file.

Such exposure of sensitive information may impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data.

However, specific effects on compliance depend on the nature of the exposed data and the context of the affected environment.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart