CVE-2021-39836— Adobe Acrobat Reader DC AcroForm buttonGetIcon Use-After-Free Remote Code Execution Vulnerability

EPSS 45.46% · P98 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-39836

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Adobe Acrobat Reader DC AcroForm buttonGetIcon Use-After-Free Remote Code Execution Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetIcon action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

释放后使用

Source: NVD (National Vulnerability Database)

Vulnerability Title

Adobe Acrobat和Adobe Reader 资源管理错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Adobe Acrobat和Adobe Reader都是美国奥多比（Adobe）公司的产品。Adobe Acrobat是一套PDF文件编辑和转换工具。Adobe Reader是一套PDF文档阅读软件。 Adobe Acrobat 和 Reader存在资源管理错误漏洞，该漏洞的存在是由于一个NULL指针解除引用错误。远程攻击者可利用该漏洞可以欺骗受害者打开一个特制的文件并执行拒绝服务(DoS)攻击。该漏洞允许远程攻击者可利用该漏洞执行拒绝服务(DoS)攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Adobe	Acrobat Reader	unspecified ~ DC 2021 July	-

II. Public POCs for CVE-2021-39836

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-39836

请登录查看更多情报信息。

Same Patch Batch · Adobe · 2021-09-29 · 41 CVEs total

CVE-2021-39831	7.8 HIGH	Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2021-39863	7.8 HIGH	Adobe Acrobat Reader DC Heap-based Buffer Overflow Vulnerability Could Lead To Arbitrary C
CVE-2021-40715	7.8 HIGH	Adobe Premiere Pro 2021 EXR File Parsing Leads to Memory Corruption
CVE-2021-39843	7.8 HIGH	Adobe Acrobat Reader XObject Out-of-Bound Write Vulnerability
CVE-2021-40708	7.3 HIGH	Adobe Genuine Service Installer Privilege Escalation Vulnerability
CVE-2021-39856	6.5 MEDIUM	Adobe Acrobat Reader DC NTLMv2 SSO Information Disclosure via LoadFile
CVE-2021-39855	6.5 MEDIUM	Adobe Acrobat Reader DC NTLMv2 SSO Information Disclosure via src Parameter
CVE-2021-39846	6.1 MEDIUM	Adobe Acrobat Reader /Parent Property Recursive Stack Overflow
CVE-2021-39845	6.1 MEDIUM	Adobe Acrobat Reader Page Tree Node Recursive Stack Overflow
CVE-2021-39861	5.5 MEDIUM	Adobe Acrobat Reader DC Catalog Plugin Out-of-Bounds Read Bug
CVE-2021-39851	5.5 MEDIUM	Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Servi
CVE-2021-39852	5.5 MEDIUM	Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Servi
CVE-2021-39850	5.5 MEDIUM	Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Servi
CVE-2021-39849	5.5 MEDIUM	Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Servi
CVE-2021-39860	5.5 MEDIUM	Adobe Acrobat Reader DC Search Plugin Null Pointer Dereference
CVE-2021-39844	3.3 LOW	Adobe Acrobat Reader CalRGB Out-of-Bounds Read Vulnerability
CVE-2021-39838		Adobe Acrobat Reader DC AcroForm buttonGetCaption Use-After-Free Remote Code Execution Vul
CVE-2021-39835		Adobe FrameMaker PDF File Parsing Use-After-Free Information Disclosure Vulnerability
CVE-2021-39837		Adobe Acrobat Reader DC AcroForm deleteItemAt Use-After-Free Remote Code Execution Vulnera
CVE-2021-39839		Adobe Acrobat Reader DC AcroForm getItemAt Use-After-Free Remote Code Execution Vulnerabil

Showing top 20 of 41 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Acrobat Reader

Same vendor: Adobe

Same weakness: CWE-416

V. Comments for CVE-2021-39836

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-39836— Adobe Acrobat Reader DC AcroForm buttonGetIcon Use-After-Free Remote Code Execution Vulnerability

I. Basic Information for CVE-2021-39836

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-39836

III. Intelligence Information for CVE-2021-39836

Same Patch Batch · Adobe · 2021-09-29 · 41 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-39836

Leave a comment