CVE-2021-44704: Adobe Acrobat Reader Use-After-Free could lead to Arbitrary code execution
First published: Fri Jan 14 2022(Updated: )
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader DC | >=15.008.20082<=21.007.20099 | |
| Adobe Acrobat Reader | >=15.008.20082<=21.007.20099 | |
| Microsoft Windows Operating System | ||
| Adobe Acrobat Reader | >=17.011.30059<=17.011.30204 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.004.30017 | |
| Adobe Acrobat Reader Notification Manager | >=17.011.30059<=17.011.30204 | |
| Adobe Acrobat Reader Notification Manager | >=20.001.30005<=20.004.30017 | |
| macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-44704?
CVE-2021-44704 has a high severity rating due to the potential for arbitrary code execution.
How do I fix CVE-2021-44704?
To fix CVE-2021-44704, users should update Adobe Acrobat and Acrobat Reader DC to the latest versions that address the vulnerability.
What versions are affected by CVE-2021-44704?
CVE-2021-44704 affects Adobe Acrobat Reader DC version 21.007.20099 and earlier, Adobe Acrobat version 20.004.30017 and earlier, and Adobe Acrobat version 17.011.30204 and earlier.
What is a use-after-free vulnerability in CVE-2021-44704?
A use-after-free vulnerability like CVE-2021-44704 occurs when a program continues to use a pointer after the memory it points to has been freed, potentially leading to arbitrary code execution.
How can I determine if I am vulnerable to CVE-2021-44704?
To determine if you are vulnerable to CVE-2021-44704, check the version of your Adobe Acrobat or Acrobat Reader against the affected versions listed in the CVE description.
- agent/type
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/severity
- agent/title
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader dc
- version/adobe acrobat reader dc/15.008.20082
- version/adobe acrobat reader dc/21.007.20099
- canonical/adobe acrobat reader
- version/adobe acrobat reader/15.008.20082
- version/adobe acrobat reader/21.007.20099
- vendor/microsoft
- canonical/microsoft windows operating system
- version/adobe acrobat reader/17.011.30059
- version/adobe acrobat reader/17.011.30204
- version/adobe acrobat reader/20.001.30005
- version/adobe acrobat reader/20.004.30017
- canonical/adobe acrobat reader notification manager
- version/adobe acrobat reader notification manager/17.011.30059
- version/adobe acrobat reader notification manager/17.011.30204
- version/adobe acrobat reader notification manager/20.001.30005
- version/adobe acrobat reader notification manager/20.004.30017
- vendor/apple
- canonical/macos