CVSS: 9.3EPSS: 69%CPEs: 8EXPL: 0CVE-2017-16383 – Adobe Acrobat Pro DC XPS JPEG APP2 Parsing Heap-based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2017-16383
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability when processing a JPEG file embedded within an XPS document. Se ha descubierto un problema en Adobe Acrobat y Reader: 2017.012.20098 y versiones anteriores, 2017.011.30066 y versiones anteriores, 2015.006.30355 y versiones anteriores y 11.0.22 y versiones anteriores. La vulnerabilidad es un ejemplo de un desbordamiento de memoria dinámica (heap) al procesar un archivo JPEG embebido en un documento XPS. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. • http://www.securityfocus.com/bid/101823 http://www.securitytracker.com/id/1039791 https://helpx.adobe.com/security/products/acrobat/apsb17-36.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 8EXPL: 0CVE-2017-16381 – Adobe Acrobat Pro DC XPS TIFF dir Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-16381
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value when processing TIFF files embedded within an XPS document. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution. Se ha descubierto un problema en Adobe Acrobat y Reader: 2017.012.20098 y versiones anteriores, 2017.011.30066 y versiones anteriores, 2015.006.30355 y versiones anteriores y 11.0.22 y versiones anteriores. • http://www.securityfocus.com/bid/101831 http://www.securitytracker.com/id/1039791 https://helpx.adobe.com/security/products/acrobat/apsb17-36.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 8EXPL: 0CVE-2017-16387 – Adobe Reader DC JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-16387
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG2000 codec. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. Se ha descubierto un problema en Adobe Acrobat y Reader: 2017.012.20098 y versiones anteriores, 2017.011.30066 y versiones anteriores, 2015.006.30355 y versiones anteriores y 11.0.22 y versiones anteriores. • http://www.securityfocus.com/bid/101824 http://www.securitytracker.com/id/1039791 https://helpx.adobe.com/security/products/acrobat/apsb17-36.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 4%CPEs: 8EXPL: 0CVE-2017-16384 – Adobe Acrobat Pro DC XPS PNG tEXT Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-16384
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the exif processing module for a PNG file (during XPS conversion). Invalid input leads to a computation where pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. Se ha descubierto un problema en Adobe Acrobat y Reader: 2017.012.20098 y versiones anteriores, 2017.011.30066 y versiones anteriores, 2015.006.30355 y versiones anteriores y 11.0.22 y versiones anteriores. • http://www.securityfocus.com/bid/101824 http://www.securitytracker.com/id/1039791 https://helpx.adobe.com/security/products/acrobat/apsb17-36.html • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2017-3013
https://notcve.org/view.php?id=CVE-2017-3013
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in a DLL related to remote logging. Las versiones de Adobe Acrobat Reader 11.0.19 y anteriores, 15.006.30280 y anteriores, 15.023.20070 y anteriores tienen una vulnerabilidad de carga de la biblioteca insegura (secuestro DLL) en un DLL relacionado con el registro remoto. • http://www.securityfocus.com/bid/97547 http://www.securitytracker.com/id/1038228 https://helpx.adobe.com/security/products/acrobat/apsb17-11.html • CWE-427: Uncontrolled Search Path Element •