CVE-2021-39845
Description
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
EPSS Score
Exploitation Probability
1.021
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2021-39845,CVE-2021-39846 are affected in Adobe Acrobat DC (Classic Track) 20.004.30006 | Windows |
| Vulnerability CVE-2021-39845,CVE-2021-39846 are affected in Adobe Acrobat Reader DC 20.004.30006 | Windows |
| Vulnerability CVE-2021-39845,CVE-2021-39846 are affected in Adobe Acrobat Reader DC MUI (Classic Track) 20.004.30006 | Windows |
| Vulnerability CVE-2021-39845,CVE-2021-39846 are affected in Adobe Acrobat Reader DC MUI 20.004.30006 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-321391 | Adobe Acrobat 2020 (Classic Track) (20.004.30015) (APSB21-55) |
| PATCH-334840 | Adobe Acrobat Reader DC (23.008.20421) |
| PATCH-346071 | Adobe Acrobat Reader 2020 MUI (Classic Track) (20.005.30763) |
| PATCH-343122 | Adobe Acrobat Reader DC MUI (24.004.20272) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234