CVE-2017-16419
medium
CVSS v3
6.5
CVSS v2
4.3
VIR risk
6.5
Description
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| adobe | acrobat | {"endIncluding":"11.0.22"} | |
| adobe | acrobat_dc | {"startIncluding":"-","endIncluding":"17.012.20098"} | |
| adobe | acrobat_reader | {"endIncluding":"11.0.22"} | |
| adobe | acrobat_reader_dc | {"startIncluding":"-","endIncluding":"17.012.20098"} | |
References
CWEs
CWE-674
Verify integrity in audit chain (admin only). AS-IS.