CVE-2017-2966Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
7.8HIGHNVD
EPSS
4.8%
top 10.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Adobe AcrobatAdobe Acrobat DCAdobe Acrobat Reader DC+1 more
Timeline
PublishedJan 11
Latest updateMay 17

Description

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine related to parsing malformed TIFF segments. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDadobe/acrobat_reader_dc15.006.30244+1
NVDadobe/reader11.0.18
NVDadobe/acrobat11.0.18
NVDadobe/acrobat_dc15.006.30244+1

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-5rrv-7pqq-xw59: Adobe Acrobat Reader versions 152022-05-17
CVEList
CVE-2017-2966: Adobe Acrobat Reader versions 152017-01-11
CVE-2017-2966 — Adobe Acrobat vulnerability | cvebase