What is CVE-2021-28553?

CVE-2021-28553 is a high-severity vulnerability in Adobe Acrobat Reader, classified under Use After Free. CVSS score: 8.8/10. Published 2021-09-02.

How severe is CVE-2021-28553?

High severity. CVSS v3 base score is 8.8 out of 10.

Is CVE-2021-28553 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Use After Free in Adobe Acrobat Reader

CVE-2021-28553

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability…

Vulnerability class: Use-After-Free

EPSS: 0.424 (97.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Adobe Acrobat Reader — versions unspecified

Weakness classification (CWE)

CWE-416 — Use After Free

Public proof-of-concept exploits

References

helpx.adobe.com/security/products/acrobat/apsb21-29.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-28553?: CVE-2021-28553 is a high-severity vulnerability in Adobe Acrobat Reader, classified under Use After Free. CVSS score: 8.8/10. Published 2021-09-02.
How severe is CVE-2021-28553?: High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2021-28553 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.