CVE-2021-39846— Adobe Acrobat Reader /Parent Property Recursive Stack Overflow

CVSS 6.1 · Medium EPSS 1.02% · P77 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-39846

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Adobe Acrobat Reader /Parent Property Recursive Stack Overflow

Source: NVD (National Vulnerability Database)

Vulnerability Description

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

栈缓冲区溢出

Source: NVD (National Vulnerability Database)

Vulnerability Title

Adobe Acrobat和Adobe Reader 缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Adobe Acrobat和Adobe Reader都是美国奥多比（Adobe）公司的产品。Adobe Acrobat是一套PDF文件编辑和转换工具。Adobe Reader是一套PDF文档阅读软件。 Adobe Acrobat 和 Reader存在安全漏洞，该漏洞源于处理 PDF 文件时的边界错误。远程攻击者可以欺骗受害者打开特制的 PDF 文件，触发基于堆栈的缓冲区溢出并在目标系统上执行任意代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Adobe	Acrobat Reader	unspecified ~ 2020.004.30006	-

II. Public POCs for CVE-2021-39846

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-39846

请登录查看更多情报信息。

Same Patch Batch · Adobe · 2021-09-29 · 41 CVEs total

CVE-2021-39831	7.8 HIGH	Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2021-39863	7.8 HIGH	Adobe Acrobat Reader DC Heap-based Buffer Overflow Vulnerability Could Lead To Arbitrary C
CVE-2021-40715	7.8 HIGH	Adobe Premiere Pro 2021 EXR File Parsing Leads to Memory Corruption
CVE-2021-39843	7.8 HIGH	Adobe Acrobat Reader XObject Out-of-Bound Write Vulnerability
CVE-2021-40708	7.3 HIGH	Adobe Genuine Service Installer Privilege Escalation Vulnerability
CVE-2021-39855	6.5 MEDIUM	Adobe Acrobat Reader DC NTLMv2 SSO Information Disclosure via src Parameter
CVE-2021-39856	6.5 MEDIUM	Adobe Acrobat Reader DC NTLMv2 SSO Information Disclosure via LoadFile
CVE-2021-39845	6.1 MEDIUM	Adobe Acrobat Reader Page Tree Node Recursive Stack Overflow
CVE-2021-39861	5.5 MEDIUM	Adobe Acrobat Reader DC Catalog Plugin Out-of-Bounds Read Bug
CVE-2021-39851	5.5 MEDIUM	Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Servi
CVE-2021-39852	5.5 MEDIUM	Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Servi
CVE-2021-39850	5.5 MEDIUM	Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Servi
CVE-2021-39849	5.5 MEDIUM	Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Servi
CVE-2021-39860	5.5 MEDIUM	Adobe Acrobat Reader DC Search Plugin Null Pointer Dereference
CVE-2021-39844	3.3 LOW	Adobe Acrobat Reader CalRGB Out-of-Bounds Read Vulnerability
CVE-2021-39832		Adobe FrameMaker PDF File Parsing Memory Corruption Remote Code Execution Vulnerability
CVE-2021-39836		Adobe Acrobat Reader DC AcroForm buttonGetIcon Use-After-Free Remote Code Execution Vulner
CVE-2021-39835		Adobe FrameMaker PDF File Parsing Use-After-Free Information Disclosure Vulnerability
CVE-2021-39837		Adobe Acrobat Reader DC AcroForm deleteItemAt Use-After-Free Remote Code Execution Vulnera
CVE-2021-39839		Adobe Acrobat Reader DC AcroForm getItemAt Use-After-Free Remote Code Execution Vulnerabil

Showing top 20 of 41 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Acrobat Reader

Same vendor: Adobe

Same weakness: CWE-121

V. Comments for CVE-2021-39846

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-39846— Adobe Acrobat Reader /Parent Property Recursive Stack Overflow

I. Basic Information for CVE-2021-39846

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-39846

III. Intelligence Information for CVE-2021-39846

Same Patch Batch · Adobe · 2021-09-29 · 41 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-39846

Leave a comment