9.3
CVSSv2

CVE-2017-16374

Published: 09/12/2017 Updated: 03/10/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

An issue exists in Adobe Acrobat and Reader: 2017.012.20098 and previous versions versions, 2017.011.30066 and previous versions versions, 2015.006.30355 and previous versions versions, and 11.0.22 and previous versions versions. The vulnerability is caused by a buffer over-read in the JPEG 2000 module. An invalid JPEG 2000 input code stream leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.

Affected Products

Vendor Product Versions
AdobeAcrobat11.0.22, 17.000.0000, 17.008.30051, 17.011.30056, 17.011.30059, 17.011.30065, 17.011.30066
AdobeAcrobat Dc15.000.0000, 15.006.30033, 15.006.30060, 15.006.30094, 15.006.30096, 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30172, 15.006.30173, 15.006.30174, 15.006.30198, 15.006.30201, 15.006.30243, 15.006.30244, 15.006.30279, 15.006.30280, 15.006.30306, 15.006.30352, 15.006.30354, 15.006.30355, 15.008.20082, 15.009.20069, 15.009.20071, 15.009.20077, 15.009.20079, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20039, 15.016.20041, 15.016.20045, 15.017.20050, 15.017.20053, 15.020.20039, 15.020.20042, 15.023.20053, 15.023.20056, 15.023.20070, 17.000.0000, 17.009.20044, 17.009.20058, 17.012.20093, 17.012.20095, 17.012.20096, 17.012.20098
AdobeAcrobat Reader11.0.22, 17.000.0000, 17.011.30059, 17.011.30065, 17.011.30066
AdobeAcrobat Reader Dc15.000.0000, 15.006.30033, 15.006.30060, 15.006.30094, 15.006.30096, 15.006.30097, 15.006.30119, 15.006.30121, 15.006.30172, 15.006.30173, 15.006.30174, 15.006.30198, 15.006.30201, 15.006.30243, 15.006.30244, 15.006.30279, 15.006.30280, 15.006.30306, 15.006.30352, 15.006.30354, 15.006.30355, 15.008.20082, 15.009.20069, 15.009.20071, 15.009.20077, 15.009.20079, 15.010.20056, 15.010.20059, 15.010.20060, 15.016.20039, 15.016.20041, 15.016.20045, 15.017.20050, 15.017.20053, 15.020.20039, 15.020.20042, 15.023.20053, 15.023.20056, 15.023.20070, 17.000.0000, 17.009.20044, 17.009.20058, 17.012.20093, 17.012.20095, 17.012.20098