CVE-2021-40729: Adobe Acrobat Reader DC PDF Out-of-Bound Read Vulnerability Information Disclosure
First published: Fri Oct 15 2021(Updated: )
Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader DC | >=15.008.20082<=21.007.20095 | |
| Adobe Acrobat Reader | >=15.008.20082<=21.007.20095 | |
| Microsoft Windows Operating System | ||
| Adobe Acrobat Reader DC | >=15.008.20082<=21.007.20096 | |
| Adobe Acrobat Reader | >=15.008.20082<=21.007.20096 | |
| macOS | ||
| Adobe Acrobat Reader | >=20.001.30005<=20.004.30015 | |
| Adobe Acrobat Reader Notification Manager | >=20.001.30005<=20.004.30015 | |
| Adobe Acrobat Reader | >=17.011.30158<=17.011.30202 | |
| Adobe Acrobat Reader Notification Manager | >=17.011.30158<=17.011.30202 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-40729?
CVE-2021-40729 has been classified as a moderate severity vulnerability.
How do I fix CVE-2021-40729?
To fix CVE-2021-40729, update Adobe Acrobat Reader DC to the latest version as recommended by Adobe.
What versions are affected by CVE-2021-40729?
CVE-2021-40729 affects Adobe Acrobat Reader DC version 21.007.20095 and earlier versions, among others.
What type of vulnerability is CVE-2021-40729?
CVE-2021-40729 is an out-of-bounds read vulnerability that may lead to sensitive memory disclosure.
Who can exploit CVE-2021-40729?
An attacker with knowledge of the vulnerability could potentially exploit CVE-2021-40729 to gain access to sensitive information.
- agent/type
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/title
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader dc
- version/adobe acrobat reader dc/15.008.20082
- version/adobe acrobat reader dc/21.007.20095
- canonical/adobe acrobat reader
- version/adobe acrobat reader/15.008.20082
- version/adobe acrobat reader/21.007.20095
- vendor/microsoft
- canonical/microsoft windows operating system
- version/adobe acrobat reader dc/21.007.20096
- version/adobe acrobat reader/21.007.20096
- vendor/apple
- canonical/macos
- version/adobe acrobat reader/20.001.30005
- version/adobe acrobat reader/20.004.30015
- canonical/adobe acrobat reader notification manager
- version/adobe acrobat reader notification manager/20.001.30005
- version/adobe acrobat reader notification manager/20.004.30015
- version/adobe acrobat reader/17.011.30158
- version/adobe acrobat reader/17.011.30202
- version/adobe acrobat reader notification manager/17.011.30158
- version/adobe acrobat reader notification manager/17.011.30202