CVE-2021-39860

Published: Sep 29, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Acrobat Pro DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive user memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected (8)

Products: Adobe: Acrobat, Acrobat Reader, Acrobat Dc, Acrobat Reader Dc

4 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Adobe Acrobat	From 17.011.30059 to 17.011.30199
Adobe Acrobat Reader	From 17.011.30059 to 17.011.30199

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Adobe Acrobat	From 20.001.30005 to 20.004.30006
Adobe Acrobat Reader	From 20.001.30005 to 20.004.30006

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Acrobat Dc	From 15.008.20082 to 21.005.20058
Adobe Acrobat Reader Dc	From 15.008.20082 to 21.005.20058

Running on/with	Platform Versions
Apple Macos	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Acrobat Dc	From 15.008.20082 to 21.005.20060
Adobe Acrobat Reader Dc	From 15.008.20082 to 21.005.20060

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (2)

https://helpx.adobe.com/security/products/acrobat/apsb21-55.html

Source: psirt@adobe.com

Release NotesVendor Advisory

https://helpx.adobe.com/security/products/acrobat/apsb21-55.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.