CVE-2017-2971
HIGHAdobe Acrobat and Reader <= 11.0.18, <= 15.006.30244, <= 15.020.20042 - Heap Overflow in JPEG Decoder
Title source: llmDescription
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the JPEG decoder routine. Successful exploitation could lead to arbitrary code execution.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95690
Third Party Advisory x_refsource_misc
http://www.talosintelligence.com/reports/TALOS-2016-0259/
Patch, Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/acrobat/apsb17-01.html
Scores
CVSS v3
7.8
EPSS
0.0905
EPSS Percentile
94.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (7)
adobe/acrobat
< 11.0.18
adobe/acrobat_dc
< 15.006.30244
adobe/acrobat_dc
< 15.020.20042
adobe/acrobat_reader_dc
< 15.006.30244
adobe/acrobat_reader_dc
< 15.020.20042
adobe/reader
< 11.0.18
n/a/Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.
Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.
Published
Jan 24, 2017
Tracked Since
Feb 18, 2026