Skip to main content

Digital Editions CVE-2017-11274

CRITICAL
Use After Free (CWE-416)
2017-08-11 psirt@adobe.com
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 11, 2017 - 19:29 cve.org
CRITICAL 9.8

DescriptionCVE.org

Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

AnalysisAI

Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution. Affected products include: Adobe Digital Editions.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.

CVE-2016-0954 CRITICAL POC
9.8 Mar 09

Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corr

CVE-2017-2973 CRITICAL
9.8 Feb 15

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable heap overflow vulnerability. Rated critical severi

CVE-2013-1377 CRITICAL
10.0 Jul 31

Adobe Digital Editions 2.x before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory

CVE-2017-3097 CRITICAL
9.8 Jun 20

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. Rated critical seve

CVE-2017-3092 CRITICAL
9.8 Jun 20

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. Rated critical seve

CVE-2017-3090 CRITICAL
9.8 Jun 20

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. Rated critical seve

CVE-2014-0494 CRITICAL
10.0 Jan 23

Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption

CVE-2017-3088 CRITICAL
10.0 Jun 20

Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF runtime

CVE-2017-3095 CRITICAL
9.8 Jun 20

Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF parsing

CVE-2016-6980 CRITICAL
9.8 Sep 26

Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspe

CVE-2016-4263 CRITICAL
9.8 Sep 16

Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspe

CVE-2017-3096 CRITICAL
9.8 Jun 20

Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the character c

Share

CVE-2017-11274 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy