CVE-2021-45067
Base score: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD
Description
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Affected (6)
Products: Adobe: Acrobat, Acrobat Reader, Acrobat DC, Acrobat Reader DC
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| From 17.011.30059 to 17.011.30204 | |
| From 17.011.30059 to 17.011.30204 | |

| Running on/with | Platform Versions |
|---|---|
| Microsoft Windows | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| From 15.008.20082 to 21.007.20099 | |
| From 15.008.20082 to 21.007.20099 | |

| Running on/with | Platform Versions |
|---|---|
| Apple macOS | All versions |
Related CWEs
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-788
Access of Memory Location After End of Buffer
The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.
References (2)
Source: psirt@adobe.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory