CVE-2017-16371: Buffer Overflow
First published: Sat Dec 09 2017(Updated: )
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaScript engine. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | <=11.0.22 | |
| Adobe Acrobat Reader | >=17.0<=17.011.30066 | |
| Adobe Acrobat Reader DC | >=-<=17.012.20098 | |
| Adobe Acrobat Reader DC | >=15.0<=15.006.30355 | |
| Adobe Acrobat Reader Notification Manager | <=11.0.22 | |
| Adobe Acrobat Reader Notification Manager | >=17.0<=17.011.30066 | |
| Adobe Acrobat Reader | >=-<=17.012.20098 | |
| Adobe Acrobat Reader | >=15.0<=15.006.30355 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-16371?
The severity of CVE-2017-16371 is classified as critical due to its potential for exploitation via untrusted pointer dereference in Adobe Acrobat and Reader.
How do I fix CVE-2017-16371?
To fix CVE-2017-16371, users should update Adobe Acrobat and Reader to the latest version that addresses this vulnerability.
What versions are affected by CVE-2017-16371?
CVE-2017-16371 affects Adobe Acrobat and Reader versions including 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Can CVE-2017-16371 be exploited remotely?
Yes, CVE-2017-16371 can potentially be exploited remotely through maliciously crafted PDF documents.
What safeguards can I implement against CVE-2017-16371?
To safeguard against CVE-2017-16371, users should avoid opening untrusted PDF files and ensure regular updates of Adobe products to mitigate vulnerabilities.
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/11.0.22
- version/adobe acrobat reader/17.0
- version/adobe acrobat reader/17.011.30066
- canonical/adobe acrobat reader dc
- version/adobe acrobat reader dc/-
- version/adobe acrobat reader dc/17.012.20098
- version/adobe acrobat reader dc/15.0
- version/adobe acrobat reader dc/15.006.30355
- canonical/adobe acrobat reader notification manager
- version/adobe acrobat reader notification manager/11.0.22
- version/adobe acrobat reader notification manager/17.0
- version/adobe acrobat reader notification manager/17.011.30066
- version/adobe acrobat reader/-
- version/adobe acrobat reader/17.012.20098
- version/adobe acrobat reader/15.0
- version/adobe acrobat reader/15.006.30355