CVE-2021-40730: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader DC versions 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) were affected by a use-after-free vulnerability that could allow remote attackers to disclose sensitive information. The vulnerability was discovered and reported to Adobe on September 8, 2021, and was publicly disclosed on October 14, 2021. The vulnerability was assigned CVE-2021-40730 and was discovered by an anonymous researcher working with Trend Micro's Zero Day Initiative (Adobe Security, ZDI Advisory).

The vulnerability exists within the parsing of JPG2000 images in Adobe Acrobat Reader DC. The specific flaw results from the lack of validating the existence of an object prior to performing operations on the object. The vulnerability has been assigned a CVSS score of 3.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), indicating a relatively low severity (ZDI Advisory).

When successfully exploited, this vulnerability allows attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. The vulnerability could potentially be leveraged in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (ZDI Advisory).

Adobe has issued an update to correct this vulnerability. Users of affected versions should update their Adobe Acrobat Reader DC installations to the latest version as detailed in the Adobe Security Bulletin (Adobe Security).