CVE-2017-3022 — Out-of-bounds Read in Adobe Acrobat

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

3.3LOWNVD

EPSS

2.1%

top 15.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat DC Adobe Acrobat Reader DC +1 more

Timeline

PublishedApr 12

Latest updateMay 17

Description

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when parsing the header of a JPEG 2000 file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

▶NVDadobe/acrobat_reader_dc15.006.30280+1

▶NVDadobe/reader11.0.19

▶NVDadobe/acrobat11.0.19

▶NVDadobe/acrobat_dc15.006.30280+1

🔴Vulnerability Details

GHSA

GHSA-9whm-fxr7-rp9v: Adobe Acrobat Reader versions 11↗2022-05-17

▶

CVEList

CVE-2017-3022: Adobe Acrobat Reader versions 11↗2017-04-12

▶