CVE-2021-44740NULL Pointer Dereference in Adobe Acrobat Reader

CWE-476NULL Pointer Dereference5 documents4 sources
Severity
5.5MEDIUMNVD
CNA3.3
EPSS
0.8%
top 26.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Adobe Acrobat ReaderAdobe AcrobatAdobe Acrobat DC+1 more
Timeline
PublishedJan 14
Latest updateMar 4

Description

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

CVEListV5adobe/acrobat_readerunspecified21.007.20099+3
NVDadobe/acrobat_reader17.011.3005917.011.30204+1
NVDadobe/acrobat_reader_dc15.008.2008221.007.20099
NVDadobe/acrobat17.011.3005917.011.30204+1
NVDadobe/acrobat_dc15.008.2008221.007.20099

🔴Vulnerability Details

2
GHSA
GHSA-wmqh-98vp-whh4: Acrobat Reader DC version 212022-01-15
CVEList
Adobe Acrobat Pro DC NULL Pointer Dereference could lead to Application-denial-of-service2022-01-14

🕵️Threat Intelligence

2
Zscaler
Heap-based Buffer Overflow vulnerability in Adobe Acrobat DC2022-03-04
Zscaler
Zscaler protects against 25 Adobe vulnerability | 01-11-2022
CVE-2021-44740 — NULL Pointer Dereference in Adobe | cvebase