CVE-2021-40731: Adobe Acrobat Reader DC JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
First published: Tue Oct 12 2021(Updated: )
Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by an out-of-bounds write vulnerability when parsing a crafted JPEG2000 file, which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat | >=15.008.20082<=21.007.20095 | |
| Adobe Acrobat Reader | >=15.008.20082<=21.007.20095 | |
| Microsoft Windows | ||
| Adobe Acrobat | >=15.008.20082<=21.007.20096 | |
| Adobe Acrobat Reader | >=15.008.20082<=21.007.20096 | |
| Apple iOS and macOS | ||
| Adobe Acrobat Reader | >=20.001.30005<=20.004.30015 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.004.30015 | |
| Adobe Acrobat Reader | >=17.011.30158<=17.011.30202 | |
| Adobe Acrobat Reader | >=17.011.30158<=17.011.30202 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-40731?
CVE-2021-40731 is rated as critical due to its potential for arbitrary code execution.
How do I fix CVE-2021-40731?
To mitigate CVE-2021-40731, upgrade your Adobe Acrobat Reader DC or Acrobat to the latest version as provided by Adobe.
What versions of Adobe Acrobat Reader DC are affected by CVE-2021-40731?
CVE-2021-40731 affects Adobe Acrobat Reader DC version 21.007.20095 and earlier, 21.007.20096 and earlier, 20.004.30015 and earlier, and 17.011.30202 and earlier.
What types of attacks can CVE-2021-40731 enable?
CVE-2021-40731 can enable attackers to execute arbitrary code on a vulnerable system by exploiting crafted JPEG2000 files.
Is CVE-2021-40731 specific to a certain operating system?
CVE-2021-40731 impacts Adobe Acrobat products and is not specific to any operating system as it affects versions across Windows and Mac.
- agent/type
- agent/author
- agent/references
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/severity
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat
- version/adobe acrobat/15.008.20082
- version/adobe acrobat/21.007.20095
- canonical/adobe acrobat reader
- version/adobe acrobat reader/15.008.20082
- version/adobe acrobat reader/21.007.20095
- vendor/microsoft
- canonical/microsoft windows
- version/adobe acrobat/21.007.20096
- version/adobe acrobat reader/21.007.20096
- vendor/apple
- canonical/apple ios and macos
- version/adobe acrobat reader/20.001.30005
- version/adobe acrobat reader/20.004.30015
- version/adobe acrobat reader/17.011.30158
- version/adobe acrobat reader/17.011.30202