CVE-2017-3055

EUVD-2017-12196
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in JPEG 2000 parsing of the fragment list tag. Successful exploitation could lead to arbitrary code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
adobeacrobat
𝑥
≤ 11.0.19
adobeacrobat_dc
𝑥
≤ 15.006.30280
adobeacrobat_dc
𝑥
≤ 15.023.20070
adobeacrobat_reader_dc
𝑥
≤ 15.006.30280
adobeacrobat_reader_dc
𝑥
≤ 15.023.20070
adobereader
𝑥
≤ 11.0.19
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/97549
http://www.securitytracker.com/id/1038228
https://helpx.adobe.com/security/products/acrobat/apsb17-11.html
http://www.zerodayinitiative.com/advisories/ZDI-17-280/
http://www.securityfocus.com/bid/97549
http://www.securitytracker.com/id/1038228
https://helpx.adobe.com/security/products/acrobat/apsb17-11.html