← Back

CVE-2017-16412

nvd nist
Published: Dec 9, 2017Modified: May 13, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS conversion module, when handling a JPEG resource. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

Affected (8)

Adobe
4 products
Acrobat
Acrobat Dc
Acrobat Reader
Acrobat Reader Dc
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Acrobat
Up to 11.0.22
Acrobat
From 17.0 to 17.011.30066
Adobe
Acrobat Dc
From 15.0 to 15.006.30355
Acrobat Dc
From - to 17.012.20098
Adobe
Acrobat Reader
Up to 11.0.22
Acrobat Reader
From 17.0 to 17.011.30066
Adobe
Acrobat Reader Dc
From 15.0 to 15.006.30355
Acrobat Reader Dc
From - to 17.012.20098

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

References (6)

Source: psirt@adobe.com
Third Party AdvisoryVDB Entry
Source: psirt@adobe.com
Third Party AdvisoryVDB Entry
Source: psirt@adobe.com
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link

Timeline

No history available yet.