Skip to main content

Acrobat CVE-2017-3050

HIGH
Out-of-bounds Write (CWE-787)
2017-04-12 psirt@adobe.com
7.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 12, 2017 - 14:59 cve.org
HIGH 7.8

DescriptionCVE.org

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of GIF files. Successful exploitation could lead to arbitrary code execution.

AnalysisAI

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of GIF files. Successful exploitation could lead to arbitrary code execution. Affected products include: Adobe Acrobat, Adobe Acrobat Dc, Adobe Acrobat Reader Dc, Adobe Reader.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2013-2730 CRITICAL POC
10.0 May 16

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attacke

CVE-2015-3073 CRITICAL POC
10.0 May 13

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass inten

CVE-2014-9160 CRITICAL
10.0 May 13

Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows

CVE-2013-3356 CRITICAL
10.0 Sep 12

Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attacke

CVE-2013-3353 CRITICAL
10.0 Sep 12

Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attacke

CVE-2016-4203 CRITICAL POC
9.8 Jul 13

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acro

CVE-2013-3351 CRITICAL
10.0 Sep 12

Multiple stack-based buffer overflows in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and M

CVE-2015-7622 CRITICAL POC
10.0 Oct 14

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.

CVE-2013-3358 CRITICAL
10.0 Sep 12

Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attack

CVE-2013-3357 CRITICAL
10.0 Sep 12

Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attack

CVE-2014-0561 CRITICAL
10.0 Sep 17

Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X a

CVE-2012-0774 CRITICAL
10.0 Apr 10

Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitra

Share

CVE-2017-3050 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy