CVE-2017-3029 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer16 documents4 sources

Severity

3.3LOWNVD

EPSS

2.0%

top 16.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat DC Adobe Acrobat Reader DC +1 more

Timeline

PublishedApr 12

Latest updateMay 17

Description

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling a JPEG 2000 code-stream.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

▶NVDadobe/acrobat_reader_dc15.006.30280+1

▶NVDadobe/reader11.0.19

▶NVDadobe/acrobat11.0.19

▶NVDadobe/acrobat_dc15.006.30280+1

🔴Vulnerability Details

GHSA

GHSA-f869-6wrc-2qp8: Adobe Acrobat Reader versions 11↗2022-05-17

▶

CVEList

CVE-2017-3029: Adobe Acrobat Reader versions 11↗2017-04-12

▶

📋Vendor Advisories

Red Hat

chromium-browser: race condition in webrtc↗2017-05-02

▶

Red Hat

chromium-browser: type confusion in pdfium↗2017-04-19

▶

Red Hat

chromium-browser: url spoofing in omnibox↗2017-04-19

▶

Red Hat

chromium-browser: heap use after free in print preview↗2017-04-19

▶

Red Hat

chromium-browser: incorrect ui in blink↗2017-04-19

▶