CVE-2017-16368

EPSS 18.4%
Published 09.12.2017 06:29:01
Last modified 06.05.2025 15:15:51
Source psirt@adobe.com
Teams watchlist Login
Open Login

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer overflow condition in the internal Unicode string manipulation module. It is triggered by an invalid PDF file, where a crafted Unicode string causes an out of bounds memory access of a stack allocated buffer, due to improper checks when manipulating an offset of a pointer to the buffer. Attackers can exploit the vulnerability and achieve arbitrary code execution if they can effectively control the accessible memory.

Affected products Warnungen 0 Metrics 4 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Acrobat Version <= 11.0.22

Adobe ≫ Acrobat Version >= 17.0 <= 17.011.30066

Adobe ≫ Acrobat Dc SwEditioncontinuous Version >= - <= 17.012.20098

Adobe ≫ Acrobat Dc SwEditionclassic Version >= 15.0 <= 15.006.30355

Adobe ≫ Acrobat Reader Version <= 11.0.22

Adobe ≫ Acrobat Reader Version >= 17.0 <= 17.011.30066

Adobe ≫ Acrobat Reader Dc SwEditioncontinuous Version >= - <= 17.012.20098

Adobe ≫ Acrobat Reader Dc SwEditionclassic Version >= 15.0 <= 15.006.30355

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	18.4%	0.95

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securitytracker.com/id/1039791

Third Party Advisory

VDB Entry

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Vendor Advisory

http://www.securityfocus.com/bid/101816

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-16368

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-16368

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-16368

EUVD