CVE-2021-39861: Adobe Acrobat Reader DC Catalog Plugin Out-of-Bounds Read Bug
First published: Tue Sep 14 2021(Updated: )
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Dc | >=20.006.20034<=21.005.20060 | |
| Microsoft Windows | ||
| Adobe Acrobat Dc | >=20.006.20034<=21.005.20058 | |
| Apple macOS | ||
| Adobe Acrobat Reader DC | >=20.006.20034<=21.005.20060 | |
| Adobe Acrobat 2017 | >=17.011.30158<=17.011.30199 | |
| Adobe Acrobat Reader 2017 | >=17.011.30158<=17.011.30199 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.004.30006 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.004.30006 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this Adobe Acrobat Reader vulnerability?
The vulnerability ID is CVE-2021-39861.
Which versions of Acrobat Reader DC are affected by this vulnerability?
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier), and 2017.011.30199 (and earlier) are affected by this vulnerability.
What is the severity rating of CVE-2021-39861?
The severity rating of CVE-2021-39861 is 5.5 (medium).
How can this vulnerability be exploited?
This vulnerability can be exploited to lead to the disclosure of arbitrary memory information in the context of the current user.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following reference link: [Adobe Security Bulletin APSB21-55](https://helpx.adobe.com/security/products/acrobat/apsb21-55.html).
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/author
- agent/references
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/title
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/adobe
- canonical/adobe acrobat dc
- version/adobe acrobat dc/20.006.20034
- version/adobe acrobat dc/21.005.20060
- vendor/microsoft
- canonical/microsoft windows
- version/adobe acrobat dc/21.005.20058
- vendor/apple
- canonical/apple macos
- canonical/adobe acrobat reader dc
- version/adobe acrobat reader dc/20.006.20034
- version/adobe acrobat reader dc/21.005.20060
- canonical/adobe acrobat 2017
- version/adobe acrobat 2017/17.011.30158
- version/adobe acrobat 2017/17.011.30199
- canonical/adobe acrobat reader 2017
- version/adobe acrobat reader 2017/17.011.30158
- version/adobe acrobat reader 2017/17.011.30199
- canonical/adobe acrobat reader
- version/adobe acrobat reader/20.001.30005
- version/adobe acrobat reader/20.004.30006