Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-16362

Опубликовано: 09 дек. 2017
Источник: nvd
CVSS3: 8.8
CVSS2: 9.3
EPSS Низкий

Описание

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccesible plugin, when handling font data. It causes an out of bounds memory access, which sometimes triggers an access violation exception. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
Версия до 11.0.22 (включая)
cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
Версия от 17.0 (включая) до 17.011.30066 (включая)
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
Версия от - (включая) до 17.012.20098 (включая)
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
Версия от 15.0 (включая) до 15.006.30355 (включая)
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
Версия до 11.0.22 (включая)
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
Версия от 17.0 (включая) до 17.011.30066 (включая)
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
Версия от - (включая) до 17.012.20098 (включая)
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
Версия от 15.0 (включая) до 15.006.30355 (включая)

EPSS

Процентиль: 92%
0.08675
Низкий

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-125

Связанные уязвимости

github логотип

GHSA-fhhf-9j5g-c4px

CVSS3: 8.8
github
больше 3 лет назад

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccesible plugin, when handling font data. It causes an out of bounds memory access, which sometimes triggers an access violation exception. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack.

EPSS

Процентиль: 92%
0.08675
Низкий

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-125