CVE-2021-28558: Adobe Acrobat Reader heap-based buffer overflow could lead to arbitrary code execution
First published: Thu Sep 02 2021(Updated: )
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Heap-based buffer overflow vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat | >=15.008.20082<=21.001.20150 | |
| Adobe Acrobat Reader | >=15.008.20082<=21.001.20150 | |
| Microsoft Windows | ||
| Adobe Acrobat Reader | >=17.011.30059<=17.011.30194 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.001.30020 | |
| Adobe Acrobat Reader | >=17.011.30059<=17.011.30194 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.001.30020 | |
| Apple iOS and macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-28558?
CVE-2021-28558 is rated as critical due to the potential for arbitrary code execution resulting from a heap-based buffer overflow.
How do I fix CVE-2021-28558?
To fix CVE-2021-28558, users should update Adobe Acrobat Reader DC to version 2021.001.20151 or later.
Which versions of Adobe Acrobat are affected by CVE-2021-28558?
CVE-2021-28558 affects Adobe Acrobat Reader DC versions 2021.001.20150 and earlier, Adobe Acrobat versions 2020.001.30020 and earlier, and Adobe Acrobat Reader versions 2017.011.30194 and earlier.
Can CVE-2021-28558 lead to unauthorized access?
Yes, CVE-2021-28558 can allow an unauthenticated attacker to execute arbitrary code, potentially leading to unauthorized access.
What components of Adobe apps are impacted by CVE-2021-28558?
CVE-2021-28558 specifically impacts the PDFLibTool component of Adobe Acrobat and Adobe Acrobat Reader.
- agent/type
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/severity
- agent/title
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat
- version/adobe acrobat/15.008.20082
- version/adobe acrobat/21.001.20150
- canonical/adobe acrobat reader
- version/adobe acrobat reader/15.008.20082
- version/adobe acrobat reader/21.001.20150
- vendor/microsoft
- canonical/microsoft windows
- version/adobe acrobat reader/17.011.30059
- version/adobe acrobat reader/17.011.30194
- version/adobe acrobat reader/20.001.30005
- version/adobe acrobat reader/20.001.30020
- vendor/apple
- canonical/apple ios and macos