CVE-2017-3034Integer Underflow (Wrap or Wraparound) in Adobe Acrobat

CWE-191Integer Underflow (Wrap or Wraparound)3 documents3 sources
Severity
7.8HIGHNVD
EPSS
3.0%
top 13.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Adobe AcrobatAdobe Acrobat DCAdobe Acrobat Reader DC+1 more
Timeline
PublishedApr 12
Latest updateMay 17

Description

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDadobe/acrobat_reader_dc15.006.30280+1
NVDadobe/reader11.0.19
NVDadobe/acrobat11.0.19
NVDadobe/acrobat_dc15.006.30280+1

🔴Vulnerability Details

2
GHSA
GHSA-xm5w-g7hv-w7f6: Adobe Acrobat Reader versions 112022-05-17
CVEList
CVE-2017-3034: Adobe Acrobat Reader versions 112017-04-12
CVE-2017-3034 — Integer Underflow (Wrap or Wraparound) | cvebase