Login Sign Up

CVE-2022-43615

5.5 MEDIUM

📋 TL;DR

This vulnerability in CorelDRAW Graphics Suite allows attackers to read beyond allocated memory bounds when parsing malicious PDF files. Attackers can leverage this information disclosure vulnerability with other exploits to potentially execute arbitrary code. Users who open untrusted PDF files with affected CorelDRAW versions are at risk.

💻 Affected Systems

Products:
  • Corel CorelDRAW Graphics Suite
Versions: 23.5.0.506 and potentially earlier versions
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in PDF parsing functionality; all installations with PDF support are affected.

📦 What is this software?

Coreldraw by Corel

View all CVEs affecting Coreldraw →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠

Likely Case

Information disclosure and potential application crash; successful code execution would require chaining with additional vulnerabilities.

🟢

If Mitigated

Limited to application crash or denial of service if memory protections are enabled.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file) but PDFs are commonly shared documents.
🏢 Internal Only: MEDIUM - Internal users opening malicious PDFs from phishing campaigns or compromised shares.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (opening malicious PDF) and likely needs additional vulnerabilities for full code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version 24.0.0.301 or later

Vendor Advisory: https://support.corel.com/hc/en-us/articles/4405644109330

Restart Required: Yes

Instructions:

1. Open CorelDRAW. 2. Go to Help > Check for Updates. 3. Follow prompts to install latest version. 4. Restart CorelDRAW after installation.

🔧 Temporary Workarounds

Disable PDF file association

windows

Prevent CorelDRAW from automatically opening PDF files

Control Panel > Default Programs > Set Associations > Find .pdf > Change program to non-Corel application

Use alternative PDF viewers

windows

Configure system to use Adobe Reader or other PDF viewers as default

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of CorelDRAW from untrusted locations
  • Deploy email/web filtering to block malicious PDF attachments and downloads

🔍 How to Verify

Check if Vulnerable:

Check CorelDRAW version: Open CorelDRAW > Help > About CorelDRAW. If version is 23.5.0.506 or earlier, system is vulnerable.

Check Version:

wmic product where "name like 'CorelDRAW%'" get version

Verify Fix Applied:

Verify version is 24.0.0.301 or later in Help > About CorelDRAW.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes from CorelDRAW.exe
  • Memory access violation errors in Windows Event Logs

Network Indicators:

  • Unusual outbound connections after opening PDF files
  • PDF downloads from suspicious sources

SIEM Query:

EventID=1000 AND SourceName='Application Error' AND ProcessName='CorelDRAW.exe'

📊 Metadata

CVE ID: CVE-2022-43615
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE: CWE-125
Published: March 29, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-43615, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)