CVE-2021-45063: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

A use-after-free vulnerability was discovered in Adobe Acrobat Reader DC, affecting versions 21.007.20099 (and earlier), 20.004.30017 (and earlier), and 17.011.30204 (and earlier). The vulnerability was identified in the processing of Format event actions, specifically during JP2 image parsing. The issue was assigned CVE-2021-45063 and was publicly disclosed on December 14, 2021 (CVE Details).

The vulnerability stems from the lack of validation when checking the existence of an object prior to performing operations on it during JP2 image parsing. This use-after-free condition could potentially lead to the disclosure of sensitive memory information. The vulnerability has been assigned a CVSS score of 3.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), indicating a relatively low severity but still significant security impact (ZDI Advisory).

If successfully exploited, this vulnerability could lead to the disclosure of sensitive memory information. More critically, attackers could potentially leverage this vulnerability to bypass security mitigations such as Address Space Layout Randomization (ASLR). However, exploitation requires user interaction, as the target must open a malicious file (CVE Details).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Acrobat Reader DC. The fix was included in the security bulletin APSB22-01 (Adobe Security).