VIR Vulnerability Intelligence Relay

CVE-2017-3021

low
Published 2017-04-12 · Modified 2026-05-13
CVSS v3
3.3
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS v2
4.3
VIR risk
3.3

Description

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser engine.

Predictions

Exploit likelihood
34%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@adobe.com — https://helpx.adobe.com/security/products/acrobat/apsb17-11.html

OS impact
OSVersionStatusFixed in
macos macosnot-affected

Application impact
VendorProductVersionsFixed
adobeacrobat{"endIncluding":"11.0.19"}
adobeacrobat_dc{"endIncluding":"15.006.30280"}
adobeacrobat_reader_dc{"endIncluding":"15.006.30280"}
adobereader{"endIncluding":"11.0.19"}

References

CWEs

CWE-125

Verify integrity in audit chain (admin only). AS-IS.