CVE-2017-2941

CVE-2017-2941

Name

CVE-2017-2941

Description

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing Compact Font Format data. Successful exploitation could lead to arbitrary code execution.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
psirt@adobe.com	http://www.securityfocus.com/bid/95345
psirt@adobe.com	http://www.securitytracker.com/id/1037574
psirt@adobe.com	http://www.zerodayinitiative.com/advisories/ZDI-17-002
Patch	https://helpx.adobe.com/security/products/acrobat/apsb17-01.html

Type

URI

psirt@adobe.com

http://www.securityfocus.com/bid/95345

psirt@adobe.com

http://www.securitytracker.com/id/1037574

psirt@adobe.com

http://www.zerodayinitiative.com/advisories/ZDI-17-002

Patch

https://helpx.adobe.com/security/products/acrobat/apsb17-01.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:adobe:acrobat::::::::`	acrobat	>= None	<= 11.0.18
`cpe:2.3:a:adobe:acrobat_dc:::::classic:::*`	acrobat_dc	>= None	<= 15.006.30244
`cpe:2.3:a:adobe:acrobat_dc:::::continuous:::*`	acrobat_dc	>= None	<= 15.020.20042
`cpe:2.3:a:adobe:acrobat_reader_dc:::::classic:::*`	acrobat_reader_dc	>= None	<= 15.006.30244
`cpe:2.3:a:adobe:acrobat_reader_dc:::::continuous:::*`	acrobat_reader_dc	>= None	<= 15.020.20042
`cpe:2.3:a:adobe:reader::::::::`	reader	>= None	<= 11.0.18

CPE URI

Source package

Min version

Max version

cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*

acrobat

>= None

<= 11.0.18

cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*

acrobat_dc

>= None

<= 15.006.30244

cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*

acrobat_dc

>= None

<= 15.020.20042

cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*

acrobat_reader_dc

>= None

<= 15.006.30244

cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*

acrobat_reader_dc

>= None

<= 15.020.20042

cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*

reader

>= None

<= 11.0.18

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
reader	edge-community	0.5.0-r5	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.5.0-r4	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.5.0-r3	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.5.0-r2	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.5.0-r1	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.5.0-r0	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.7-r3	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.7-r2	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.7-r1	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.7-r0	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.5-r2	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.5-r1	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.5-r0	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	3.22-community	0.5.0-r4	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	3.22-community	0.5.0-r3	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	3.22-community	0.5.0-r2	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	3.22-community	0.5.0-r1	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	3.22-community	0.4.5-r5	Adam Thiede <me@adamthiede.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages