PT-2021-4443 · Adobe · Acrobat Reader+1

Published 2021-10-12 · Updated 2025-04-24 · CVE-2021-40730

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Adobe Acrobat Reader DC versions 21.007.20095 and earlier, 21.007.20096 and earlier, 20.004.30015 and earlier, 17.011.30202 and earlier
Adobe Acrobat 2017 and earlier
Adobe Acrobat Reader 2017 and earlier
Adobe Acrobat 2020 and earlier
Adobe Acrobat Reader 2020 and earlier

Description

The issue is related to a use-after-free flaw that allows a remote attacker to disclose sensitive information on affected installations. This can be exploited when a user visits a malicious page or opens a malicious file, with the specific flaw existing within the parsing of JPG2000 images. The vulnerability may also allow attackers to escalate privileges.

Recommendations

For Adobe Acrobat Reader DC versions 21.007.20095 and earlier, 21.007.20096 and earlier, 20.004.30015 and earlier, 17.011.30202 and earlier, update to a version later than the specified versions to resolve the issue.

For Adobe Acrobat 2017 and earlier, Adobe Acrobat Reader 2017 and earlier, Adobe Acrobat 2020 and earlier, Adobe Acrobat Reader 2020 and earlier, consider disabling the JPG2000 image parsing functionality as a temporary workaround until a patch is available.

Restrict access to malicious pages and files to minimize the risk of exploitation.

Fix

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2021-05073
CVE-2021-40730
ZDI-21-1162

Affected Products

Acrobat
Acrobat Reader