CVE-2017-16407

HIGH

Adobe Acrobat and Reader Out-of-bounds Write via EMF EMR_BITBLT Record Handling

Title source: llm
STIX 2.1

Description

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of handling an EMF EMR_BITBLT record. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039791
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101812

Scores

CVSS v3 8.8
EPSS 0.0887
EPSS Percentile 94.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (7)
adobe/acrobat < 11.0.22
adobe/acrobat_dc - - 17.012.20098
adobe/acrobat_dc 15.0 - 15.006.30355
adobe/acrobat_reader < 11.0.22
adobe/acrobat_reader_dc - - 17.012.20098
adobe/acrobat_reader_dc 15.0 - 15.006.30355
n/a/Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.
Published Dec 09, 2017
Tracked Since Feb 18, 2026