CVE-2021-39863

HIGH

Adobe Acrobat DC < 21.005.20060 - Heap Buffer Overflow

Title source: rule

Description

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Exploits (2)

nomisec WORKING POC 2 stars

by lsw29475 · poc

https://github.com/lsw29475/CVE-2021-39863

View Code ZIP pw:eip

nomisec WORKING POC

by WHS-SEGFAULT · poc

https://github.com/WHS-SEGFAULT/CVE-2021-39863

View Code ZIP pw:eip

References (1)

Core 1

Core References

Release Notes, Vendor Advisory x_refsource_misc

https://helpx.adobe.com/security/products/acrobat/apsb21-55.html

Scores

CVSS v3 7.8

EPSS 0.2214

EPSS Percentile 95.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-122

Status published

Products (6)

adobe/acrobat 20.001.30005 - 20.004.30006

adobe/acrobat_2017 17.011.30059 - 17.011.30199

adobe/acrobat_dc 15.008.20082 - 21.005.20060

adobe/acrobat_reader 20.001.30005 - 20.004.30006

adobe/acrobat_reader_2017 17.011.30059 - 17.011.30199

adobe/acrobat_reader_dc 15.008.20082 - 21.005.20060

Published Sep 29, 2021

Tracked Since Feb 18, 2026