CVE-2021-39863: Adobe Acrobat Reader DC Heap-based Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution
First published: Wed Sep 29 2021(Updated: )
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Dc | >=15.008.20082<=21.005.20060 | |
| Microsoft Windows | ||
| Adobe Acrobat Dc | >=15.008.20082<=21.005.20058 | |
| Apple macOS | ||
| Adobe Acrobat Reader DC | >=15.008.20082<=21.005.20060 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.004.30006 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.004.30006 | |
| Adobe Acrobat 2017 | >=17.011.30059<=17.011.30199 | |
| Adobe Acrobat Reader 2017 | >=17.011.30059<=17.011.30199 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-39863.
Which versions of Acrobat Reader DC are affected by this vulnerability?
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier), and 2017.011.30199 (and earlier) are affected by this vulnerability.
What is the severity of CVE-2021-39863?
The severity of CVE-2021-39863 is high with a CVSS score of 7.8.
How can an attacker exploit this vulnerability?
An unauthenticated attacker can leverage this vulnerability by parsing a specially crafted PDF file to achieve arbitrary code execution.
Is Microsoft Windows or Apple macOS affected by this vulnerability?
No, Microsoft Windows and Apple macOS are not affected by this vulnerability.
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/author
- agent/references
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/title
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/adobe
- canonical/adobe acrobat dc
- version/adobe acrobat dc/15.008.20082
- version/adobe acrobat dc/21.005.20060
- vendor/microsoft
- canonical/microsoft windows
- version/adobe acrobat dc/21.005.20058
- vendor/apple
- canonical/apple macos
- canonical/adobe acrobat reader dc
- version/adobe acrobat reader dc/15.008.20082
- version/adobe acrobat reader dc/21.005.20060
- canonical/adobe acrobat reader
- version/adobe acrobat reader/20.001.30005
- version/adobe acrobat reader/20.004.30006
- canonical/adobe acrobat 2017
- version/adobe acrobat 2017/17.011.30059
- version/adobe acrobat 2017/17.011.30199
- canonical/adobe acrobat reader 2017
- version/adobe acrobat reader 2017/17.011.30059
- version/adobe acrobat reader 2017/17.011.30199