PT-2021-4444 · Adobe · Acrobat Reader 2020

Published 2021-10-12 · Updated 2021-10-21 · CVE-2021-40731

CVSS v3.1 7.8 High
Vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Adobe Acrobat DC and Acrobat Reader DC, versions 21.007.20095 and earlier and 21.007.20096 and earlier
Adobe Acrobat 2020 and Acrobat Reader 2020, versions 20.004.30015 and earlier
Adobe Acrobat 2017 and Acrobat Reader 2017, versions 17.011.30202 and earlier
Description

An out-of-bounds write occurs when Adobe Acrobat or Acrobat Reader parses a crafted JPEG2000 image. Exploitation requires user interaction: the victim must open a malicious file, for example a PDF that embeds such an image. A successful exploit gives the attacker arbitrary code execution in the context of the current user.
Recommendations

Update every affected product line (Acrobat DC and Acrobat Reader DC, Acrobat 2020 and Acrobat Reader 2020, Acrobat 2017 and Acrobat Reader 2017) to a version that is not affected by this issue. JPEG2000 decoding is not something an end user can switch off in Acrobat, so until the update is installed the practical workaround is not to open PDFs from untrusted sources; on Windows, keeping Protected Mode and Protected View enabled limits what an exploit can do if a malicious file is opened anyway.
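As an added triage example (this is not code from Positive Technologies or Adobe), the following Python script turns the advisory into two offline checks: whether an installed build's version string falls inside the "and earlier" ranges listed above, and whether a given PDF actually embeds a JPEG2000 image, which in PDF is a stream using the /JPXDecode filter, so that only files that would reach the vulnerable parser need to be quarantined. Assumptions are marked in the code: for the DC track the higher of the two listed builds (21.007.20096) is used as the cutoff so the check errs on the side of flagging, the mapping of major version 21/20/17 onto the DC/2020/2017 lines follows Acrobat's build numbering, and the PDF fragments are constructed for the demonstration.

```python
"""Offline triage helpers for CVE-2021-40731 (Acrobat/Reader JPEG2000 OOB write).

1. is_affected(): is an Acrobat/Reader build inside the advisory's affected range?
2. pdf_embeds_jpeg2000(): does a PDF carry a /JPXDecode (JPEG2000) stream, i.e.
   would opening it reach the vulnerable parser at all?
"""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Highest affected build per product line, from the advisory's "and earlier" values.
# The DC track lists 21.007.20095 and 21.007.20096; the higher one is used so the
# check is conservative (assumption: over-flagging a build is acceptable in triage).
AFFECTED_MAX: Dict[str, Version] = {
    "dc": (21, 7, 20096),
    "2020": (20, 4, 30015),
    "2017": (17, 11, 30202),
}

# Acrobat build numbers start with the track's major version: 21 = DC (continuous),
# 20 = 2020 (classic), 17 = 2017 (classic).
MAJOR_TO_LINE = {21: "dc", 20: "2020", 17: "2017"}


def parse_version(text: str) -> Version:
    """Turn '21.007.20095' into (21, 7, 20095); reject anything else loudly."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised Acrobat version string: {text!r}")
    major, minor, build = (int(x) for x in m.groups())
    return (major, minor, build)


def product_line(version: Version) -> Optional[str]:
    """Map a build onto the advisory's product lines by its major version."""
    return MAJOR_TO_LINE.get(version[0])


def is_affected(version_text: str) -> bool:
    """True if the build is at or below the advisory's cutoff for its product line."""
    v = parse_version(version_text)
    line = product_line(v)
    if line is None:
        return False  # a track the advisory does not cover (e.g. a later major)
    return v <= AFFECTED_MAX[line]


def _unescape_pdf_name(token: bytes) -> bytes:
    """Decode #xx escapes in a PDF name so '/JPX#44ecode' compares equal to '/JPXDecode'."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), token)


def pdf_embeds_jpeg2000(data: bytes) -> bool:
    """True if any name token in the file, after unescaping, is /JPXDecode.

    Caveat: an image dictionary inside a compressed object stream (/ObjStm) is
    invisible to this byte-level scan, so False means "not seen", not "absent".
    """
    for m in re.finditer(rb"/[^\s/\[\]<>(){}%]+", data):
        if _unescape_pdf_name(m.group(0)) == b"/JPXDecode":
            return True
    return False


# Constructed sample fragments (not real malware): an image XObject that declares
# the JPEG2000 filter plainly, the same with a #xx-escaped name, and a JPEG image.
SAMPLE_JPX = b"<</Type/XObject/Subtype/Image/Filter/JPXDecode/Length 10>>"
SAMPLE_JPX_ESCAPED = b"<< /Type /XObject /Subtype /Image /Filter /JPX#44ecode >>"
SAMPLE_DCT = b"<< /Type /XObject /Subtype /Image /Filter /DCTDecode >>"


if __name__ == "__main__":
    for build in ("21.007.20095", "20.004.30015", "17.011.30202"):
        print(build, "affected" if is_affected(build) else "not affected")
    for label, blob in (("plain", SAMPLE_JPX), ("escaped", SAMPLE_JPX_ESCAPED),
                        ("jpeg", SAMPLE_DCT)):
        print(label, "embeds JPEG2000" if pdf_embeds_jpeg2000(blob) else "no JPEG2000")
```

The name scan decodes #xx escapes before comparing, because a PDF author can spell the filter as /JPX#44ecode and a naive substring search for "JPXDecode" would miss it. It still cannot see dictionaries packed into compressed object streams, so treat a negative result as "no JPEG2000 stream visible in the raw bytes" and inflate /ObjStm streams first if the file is otherwise suspicious.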

Fix

Weakness Enumeration

Memory Corruption

Related Identifiers

BDU:2021-05074
CVE-2021-40731
ZDI-21-1163

Affected Products

Acrobat
Acrobat Reader
Acrobat Reader 2017
Acrobat Reader 2020