CVE-2021-39845

Published Sep 29, 2021

Last updated 3 years ago

CVSS medium 6.1

Overview

Description: Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader.
Source: psirt@adobe.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 4.2
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:P

Weaknesses

psirt@adobe.com: CWE-121
nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CD4CE56-464A-4679-91C3-527DA78BCFAE",
            "versionEndIncluding": "20.004.30006",
            "versionStartIncluding": "20.001.30005"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39B2389A-9FDD-45DC-8CAD-637B8CA265D9",
            "versionEndIncluding": "20.004.30006",
            "versionStartIncluding": "20.001.30005"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2FC4D9A-C9B4-45DD-9D8D-9FBD8C6DAA83",
            "versionEndIncluding": "21.005.20058",
            "versionStartIncluding": "15.008.20082"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B149932-7CC5-4CE0-B6A6-D34E140705B0",
            "versionEndIncluding": "21.005.20058",
            "versionStartIncluding": "15.008.20082"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D19D3819-2ED8-48A7-A8A1-0A1AF6A7F1E5",
            "versionEndIncluding": "21.005.20060",
            "versionStartIncluding": "15.008.20082"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C69371A7-DB10-4407-8FD3-7DF99587F0F6",
            "versionEndIncluding": "21.005.20060",
            "versionStartIncluding": "15.008.20082"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81382F25-AF78-476F-B5D5-824A23354FA2",
            "versionEndIncluding": "17.011.30199",
            "versionStartIncluding": "17.011.30059"
          },
          {
            "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DC875CE-98F6-46A9-A5DE-4E1A24CA1DED",
            "versionEndIncluding": "17.011.30199",
            "versionStartIncluding": "17.011.30059"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References