Multiple vulnerabilities in Adobe Acrobat and Reader
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 28 |
| CVE-ID | CVE-2021-44715 CVE-2021-45068 CVE-2021-45067 CVE-2021-45064 CVE-2021-45063 CVE-2021-45062 CVE-2021-45061 CVE-2021-45060 CVE-2021-44742 CVE-2021-44741 CVE-2021-44740 CVE-2021-44739 CVE-2021-44714 CVE-2021-44701 CVE-2021-44713 CVE-2021-44712 CVE-2021-44711 CVE-2021-44710 CVE-2021-44709 CVE-2021-44708 CVE-2021-44707 CVE-2021-44706 CVE-2021-44705 CVE-2021-44704 CVE-2021-44703 CVE-2021-44702 CVE-2022-24092 CVE-2022-24091 |
| CWE-ID | CWE-125 CWE-787 CWE-788 CWE-416 CWE-476 CWE-20 CWE-254 CWE-190 CWE-122 CWE-824 CWE-121 CWE-284 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #17 is available. Public exploit code for vulnerability #18 is available. |
| Vulnerable software Subscribe |
Adobe Acrobat Client/Desktop applications / Office applications Adobe Reader Client/Desktop applications / Office applications |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 28 vulnerabilities.
Updated: 21.03.2022
Added vulnerabilities #27-28.
1) Out-of-bounds read
EUVDB-ID: #VU59442
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44715
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU59431
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-45068
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
http://www.zerodayinitiative.com/advisories/ZDI-22-058/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Access of memory location after end of buffer
EUVDB-ID: #VU59449
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-45067
CWE-ID:
CWE-788 - Access of Memory Location After End of Buffer
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Use-after-free
EUVDB-ID: #VU59424
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-45064
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU59448
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-45063
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a use-after-free error when processing JP2 images. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
http://www.zerodayinitiative.com/advisories/ZDI-22-059/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU59423
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-45062
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds write
EUVDB-ID: #VU59430
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-45061
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
http://www.zerodayinitiative.com/advisories/ZDI-22-056/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU59445
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-45060
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds read and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
http://www.zerodayinitiative.com/advisories/ZDI-22-060/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU59444
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44742
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) NULL pointer dereference
EUVDB-ID: #VU59447
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44741
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trick the victim to open a specially crafted PDF file and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) NULL pointer dereference
EUVDB-ID: #VU59446
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44740
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trick the victim to open a specially crafted PDF file and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU59437
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44739
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to open a specially crafted PDF file and gain access to sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Security features bypass
EUVDB-ID: #VU59441
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44714
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to open a specially crafted PDF file and gain access to sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU59417
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44701
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when handling AcroForm fields. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
http://www.zerodayinitiative.com/advisories/ZDI-22-057/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use-after-free
EUVDB-ID: #VU59439
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44713
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and crash the application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Input validation error
EUVDB-ID: #VU59435
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44712
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to open a specially crafted PDF file and gain access to sensitive information or crash the application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Integer overflow
EUVDB-ID: #VU59434
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-44711
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow. A remote attacker can trick the victim to open a specially crafted PDF file, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
18) Use-after-free
EUVDB-ID: #VU59422
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-44710
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
19) Heap-based buffer overflow
EUVDB-ID: #VU59433
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44709
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Heap-based buffer overflow
EUVDB-ID: #VU59432
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44708
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Out-of-bounds write
EUVDB-ID: #VU59429
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44707
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing embedded fonts. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
http://www.zerodayinitiative.com/advisories/ZDI-22-539/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Use-after-free
EUVDB-ID: #VU59421
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44706
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Access of uninitialized pointer
EUVDB-ID: #VU59428
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44705
CWE-ID:
CWE-824 - Access of Uninitialized Pointer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing JP2 images inside PDF files. A remote unauthenticated attacker can trick the victim to open a specially crafted PDF file, trigger a buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
http://www.zerodayinitiative.com/advisories/ZDI-22-540/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU59420
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44704
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Stack-based buffer overflow
EUVDB-ID: #VU59427
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44703
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing PDF files. A remote unauthenticated attacker can trick the victim to open a specially crafted PDF file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper access control
EUVDB-ID: #VU59425
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44702
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can trick the victim to open a specially crafted PDF file, bypass implemented security restrictions and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 15.006.30503 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Out-of-bounds write
EUVDB-ID: #VU61479
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24092
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
http://www.zerodayinitiative.com/advisories/ZDI-22-513/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Out-of-bounds write
EUVDB-ID: #VU61478
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-24091
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAdobe Acrobat: 17.008.30051 - 21.007.20099
Adobe Reader: 21.001.20135 - 2020.013.20074
External linkshttp://helpx.adobe.com/security/products/acrobat/apsb22-01.html
http://www.zerodayinitiative.com/advisories/ZDI-22-512/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
