CVE-2017-3020 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

3.3LOWNVD

EPSS

2.0%

top 16.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat DC Adobe Acrobat Reader DC +1 more

Timeline

PublishedApr 12

Latest updateMay 17

Description

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the weblink module.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

▶NVDadobe/acrobat_reader_dc15.006.30280+1

▶NVDadobe/reader11.0.19

▶NVDadobe/acrobat11.0.19

▶NVDadobe/acrobat_dc15.006.30280+1

🔴Vulnerability Details

GHSA

GHSA-37wr-4wrp-xh2r: Adobe Acrobat Reader versions 11↗2022-05-17

▶

CVEList

CVE-2017-3020: Adobe Acrobat Reader versions 11↗2017-04-12

▶