Fix critical vulnerabilities in FrameMaker | August 2022

Problem

Some security vulnerabilities that result in the following conditions are identified in FrameMaker 2020 release Update 4 and earlier, and FrameMaker 2019 release Update 8 and earlier:

  • SVG File Parsing Heap-Based Buffer Overflow Remote Code Execution
  • SVG File Parsing Use-After-Free Remote Code Execution
  • SVG File Parsing Out-Of-Bounds Read Remote Code Execution
  • Font Parsing Out-Of-Bounds Read Information Disclosure

For more information about these vulnerabilities, see Adobe Security Bulletin.

Solution

To resolve these issues, do the following:

  1. Download the updated files applicable for your product's version. 

  2. Extract the contents of the ZIP file. The ZIP contains the following updated files:  

    FrameMaker (2019 release)

    • CoolType.dll
    • SVGRE.dll
    • SVGExport.dll
    • AdobeSVGAGM.dll

    FrameMaker (2020 release)

    • ACE.dll
    • AGM.dll
    • ARE.dll
    • AdobePDFL.dll
    • AdobeSVGAGM.dll
    • BIB.dll
    • BIBUtils.dll
    • CoolType.dll
    • pdfport.dll
    • SVGRE.dll
    • SVGExport.dll
    • libeay32.dll
  3. Navigate to the FrameMaker install location.

    The default install location corresponding to your version of FrameMaker is:

    FrameMaker (2019 release)

    • 64-bit: C:\Program Files\Adobe\Adobe FrameMaker 2019
    • 32-bit: C:\Program Files (x86)\Adobe\Adobe FrameMaker 2019  

    FrameMaker (2020 release)

    • C:\Program Files\Adobe\Adobe FrameMaker 2020
  4. Replace the existing files with the updated files you extracted in Step 2.

    When you are prompted, click Yes to overwrite the existing files. 

  5. Launch FrameMaker.  

 Adobe

Get help faster and easier

New user?