CVE-2017-2946

CVE-2017-2946

Name

CVE-2017-2946

Description

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing the segment for storing non-graphic information. Successful exploitation could lead to arbitrary code execution.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
psirt@adobe.com	http://www.securityfocus.com/bid/95344
psirt@adobe.com	http://www.securitytracker.com/id/1037574
psirt@adobe.com	http://www.zerodayinitiative.com/advisories/ZDI-17-003
psirt@adobe.com	http://www.zerodayinitiative.com/advisories/ZDI-17-004
Patch	https://helpx.adobe.com/security/products/acrobat/apsb17-01.html

Type

URI

psirt@adobe.com

http://www.securityfocus.com/bid/95344

psirt@adobe.com

http://www.securitytracker.com/id/1037574

psirt@adobe.com

http://www.zerodayinitiative.com/advisories/ZDI-17-003

psirt@adobe.com

http://www.zerodayinitiative.com/advisories/ZDI-17-004

Patch

https://helpx.adobe.com/security/products/acrobat/apsb17-01.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:adobe:acrobat::::::::`	acrobat	>= None	<= 11.0.18
`cpe:2.3:a:adobe:acrobat_dc:::::classic:::*`	acrobat_dc	>= None	<= 15.006.30244
`cpe:2.3:a:adobe:acrobat_dc:::::continuous:::*`	acrobat_dc	>= None	<= 15.020.20042
`cpe:2.3:a:adobe:acrobat_reader_dc:::::classic:::*`	acrobat_reader_dc	>= None	<= 15.006.30244
`cpe:2.3:a:adobe:acrobat_reader_dc:::::continuous:::*`	acrobat_reader_dc	>= None	<= 15.020.20042
`cpe:2.3:a:adobe:reader::::::::`	reader	>= None	<= 11.0.18

CPE URI

Source package

Min version

Max version

cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*

acrobat

>= None

<= 11.0.18

cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*

acrobat_dc

>= None

<= 15.006.30244

cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*

acrobat_dc

>= None

<= 15.020.20042

cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*

acrobat_reader_dc

>= None

<= 15.006.30244

cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*

acrobat_reader_dc

>= None

<= 15.020.20042

cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*

reader

>= None

<= 11.0.18

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
reader	edge-community	0.5.0-r5	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.5.0-r4	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.5.0-r3	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.5.0-r2	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.5.0-r1	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.5.0-r0	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.7-r3	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.7-r2	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.7-r1	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.7-r0	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.5-r2	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.5-r1	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	edge-community	0.4.5-r0	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	3.22-community	0.5.0-r4	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	3.22-community	0.5.0-r3	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	3.22-community	0.5.0-r2	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	3.22-community	0.5.0-r1	Adam Thiede <me@adamthiede.com>	possibly vulnerable
reader	3.22-community	0.4.5-r5	Adam Thiede <me@adamthiede.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages