CVE-2017-2964: Buffer Overflow
First published: Wed Jan 11 2017(Updated: )
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to the parsing of JPEG EXIF metadata. Successful exploitation could lead to arbitrary code execution.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | <=11.0.18 | |
| Adobe Acrobat Reader DC | <=15.006.30244 | |
| Adobe Acrobat Reader DC | <=15.020.20042 | |
| Adobe Acrobat Reader | <=15.006.30244 | |
| Adobe Acrobat Reader | <=15.020.20042 | |
| Adobe Acrobat Reader | <=11.0.18 | |
| Apple iOS and macOS | ||
| Microsoft Windows Operating System | ||
| All of | ||
| Any of | ||
| Adobe Acrobat Reader | <=11.0.18 | |
| Adobe Acrobat Reader DC | <=15.006.30244 | |
| Adobe Acrobat Reader DC | <=15.020.20042 | |
| Adobe Acrobat Reader | <=15.006.30244 | |
| Adobe Acrobat Reader | <=15.020.20042 | |
| Adobe Acrobat Reader | <=11.0.18 | |
| Any of | ||
| Apple iOS and macOS | ||
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-2964?
CVE-2017-2964 has a high severity rating due to the potential for arbitrary code execution.
How do I fix CVE-2017-2964?
To fix CVE-2017-2964, update Adobe Acrobat Reader to versions 15.020.20043 or later, 15.006.30245 or later, or 11.0.19 or later.
What software versions are affected by CVE-2017-2964?
CVE-2017-2964 affects Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, and 11.0.18 and earlier.
What type of vulnerability is CVE-2017-2964?
CVE-2017-2964 is a memory corruption vulnerability related to the image conversion engine and parsing of JPEG EXIF metadata.
Can CVE-2017-2964 lead to remote attacks?
Yes, successful exploitation of CVE-2017-2964 could enable remote attackers to execute arbitrary code on the affected system.
- agent/references
- agent/type
- agent/first-publish-date
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/event
- agent/tags
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/11.0.18
- canonical/adobe acrobat reader dc
- version/adobe acrobat reader dc/15.006.30244
- version/adobe acrobat reader dc/15.020.20042
- version/adobe acrobat reader/15.006.30244
- version/adobe acrobat reader/15.020.20042
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows operating system