CVE-2021-45063: Adobe Acrobat Reader DC JP2 File Parsing Use-After-Free Information Disclosure Vulnerability
First published: Tue Jan 11 2022(Updated: )
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat | >=15.008.20082<=21.007.20099 | |
| Adobe Acrobat Reader | >=15.008.20082<=21.007.20099 | |
| Microsoft Windows | ||
| Adobe Acrobat Reader | >=17.011.30059<=17.011.30204 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.004.30017 | |
| Adobe Acrobat Reader | >=17.011.30059<=17.011.30204 | |
| Adobe Acrobat Reader | >=20.001.30005<=20.004.30017 | |
| Apple iOS and macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-45063?
CVE-2021-45063 has been classified as a critical vulnerability due to its potential for sensitive memory disclosure.
How do I fix CVE-2021-45063?
To fix CVE-2021-45063, users should update to the latest versions of Adobe Acrobat Reader DC and Adobe Acrobat.
What software versions are affected by CVE-2021-45063?
CVE-2021-45063 affects Adobe Acrobat Reader DC versions 21.007.20099 and earlier, 20.004.30017 and earlier, and Adobe Acrobat versions 17.011.30204 and earlier.
What type of vulnerability is CVE-2021-45063?
CVE-2021-45063 is a use-after-free vulnerability that occurs during the processing of Format event actions.
Can CVE-2021-45063 be exploited remotely?
Yes, CVE-2021-45063 can be exploited by an attacker to potentially disclose sensitive memory remotely.
- agent/type
- agent/author
- agent/references
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/title
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat
- version/adobe acrobat/15.008.20082
- version/adobe acrobat/21.007.20099
- canonical/adobe acrobat reader
- version/adobe acrobat reader/15.008.20082
- version/adobe acrobat reader/21.007.20099
- vendor/microsoft
- canonical/microsoft windows
- version/adobe acrobat reader/17.011.30059
- version/adobe acrobat reader/17.011.30204
- version/adobe acrobat reader/20.001.30005
- version/adobe acrobat reader/20.004.30017
- vendor/apple
- canonical/apple ios and macos