9.3
CVE-2017-16391
- EPSS 8.68%
- Published 09.12.2017 06:29:02
- Last modified 20.04.2025 01:37:25
- Source psirt@adobe.com
- Teams watchlist Login
- Open Login
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the printing functionality. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space.
Data is provided by the National Vulnerability Database (NVD)
Adobe ≫ Acrobat Dc SwEditioncontinuous Version >= - <= 17.012.20098
Adobe ≫ Acrobat Dc SwEditionclassic Version >= 15.0 <= 15.006.30355
Adobe ≫ Acrobat Reader Version <= 11.0.22
Adobe ≫ Acrobat Reader Version >= 17.0 <= 17.011.30066
Adobe ≫ Acrobat Reader Dc SwEditioncontinuous Version >= - <= 17.012.20098
Adobe ≫ Acrobat Reader Dc SwEditionclassic Version >= 15.0 <= 15.006.30355
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.68% | 0.921 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-129 Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.