CyberSec.Space Logo
Back to CVE Browser

CVE-2021-21017

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score27.8880%
EPSS Percentile92.41th
PublishedFeb 11, 2021
Last ModifiedOct 23, 2025

Vulnerability Description

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected Platforms (CPE)

πŸ“¦
Adobe

Acrobat

>= 17.0 and <= 17.011.30188
πŸ“¦
Adobe

Acrobat

>= 20.0 and <= 20.001.30018
πŸ“¦
Adobe

Acrobat Dc

<= 20.013.20074
πŸ“¦
Adobe

Acrobat Reader

>= 17.0 and <= 17.011.30188
πŸ“¦
Adobe

Acrobat Reader

>= 20.0 and <= 20.001.300183
πŸ“¦
Adobe

Acrobat Reader Dc

<= 20.013.20074

References & Advisories

πŸ”— https://helpx.adobe.com/security/products/acrobat/apsb21-09.html
πŸ”— https://helpx.adobe.com/security/products/acrobat/apsb21-09.html
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21017

Related Vulnerabilities

CVE-2004-063110.0

Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions...

CVE-2004-115210.0

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary c...

CVE-2004-063010.0

The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those bef...

CVE-2004-115310.0

Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (appl...