Skip to main content

Digital Editions CVE-2017-2981

HIGH
Out-of-bounds Read (CWE-125)
2017-02-15 psirt@adobe.com
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 15, 2017 - 06:59 cve.org
HIGH 7.5

DescriptionCVE.org

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.

AnalysisAI

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. Affected products include: Adobe Digital Editions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2016-0954 CRITICAL POC
9.8 Mar 09

Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corr

CVE-2017-2973 CRITICAL
9.8 Feb 15

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable heap overflow vulnerability. Rated critical severi

CVE-2013-1377 CRITICAL
10.0 Jul 31

Adobe Digital Editions 2.x before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory

CVE-2017-3097 CRITICAL
9.8 Jun 20

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. Rated critical seve

CVE-2017-3092 CRITICAL
9.8 Jun 20

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. Rated critical seve

CVE-2017-3090 CRITICAL
9.8 Jun 20

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. Rated critical seve

CVE-2014-0494 CRITICAL
10.0 Jan 23

Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption

CVE-2017-3088 CRITICAL
10.0 Jun 20

Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF runtime

CVE-2017-3095 CRITICAL
9.8 Jun 20

Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF parsing

CVE-2016-6980 CRITICAL
9.8 Sep 26

Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspe

CVE-2016-4263 CRITICAL
9.8 Sep 16

Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspe

CVE-2017-3096 CRITICAL
9.8 Jun 20

Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the character c

Share

CVE-2017-2981 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy