Heap Overflow Vulnerability in Adobe Acrobat Reader
CVE-2017-3048

7.8HIGH

Key Information:

Vendor
Adobe
Status
Adobe Acrobat Reader 11.0.19 And Earlier, 15.006.30280 And Earlier, 15.023.20070 And Earlier.
Vendor
CVE Published:
12 April 2017

Summary

Adobe Acrobat Reader is affected by a heap overflow vulnerability in its image conversion engine, specifically in the way it handles TIFF files. This vulnerability arises from improper internal scan line representation, which could be exploited to execute arbitrary code on the affected systems. Users running versions 11.0.19 or earlier, as well as 15.006.30280 and 15.023.20070 or earlier are urged to update their software to mitigate this security risk.

Affected Version(s)

Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier. Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.

References

http://www.securitytracker.com/id/1038228
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/97549
vdb-entryx_refsource_BID
https://helpx.adobe.com/security/products/acrobat/apsb17-...
x_refsource_CONFIRM

EPSS Score

54% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.