Vulnerability CVE-2017-16419


Published: 2017-12-09

Description:
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources.

Type:

CWE-399

(Resource Management Errors)

Vendor: Adobe
Product: Acrobat reader dc 
Version:
17.012.20098
17.012.20095
17.012.20093
17.009.20058
17.009.20044
15.023.20070
15.023.20056
15.023.20053
15.020.20042
15.020.20039
15.017.20053
15.017.20050
15.016.20045
15.016.20041
15.016.20039
15.010.20060
15.010.20059
15.010.20056
15.009.20079
15.009.20077
15.009.20071
15.009.20069
15.008.20082
15.006.30355
15.006.30354
15.006.30352
15.006.30306
15.006.30280
15.006.30279
15.006.30244
15.006.30243
15.006.30201
15.006.30198
15.006.30174
15.006.30173
15.006.30172
15.006.30121
15.006.30119
15.006.30097
15.006.30096
15.006.30094
15.006.30060
Product: Acrobat dc 
Version:
17.012.20098
17.012.20095
17.012.20093
17.009.20058
17.009.20044
15.023.20070
15.023.20056
15.023.20053
15.020.20042
15.020.20039
15.017.20053
15.017.20050
15.016.20045
15.016.20041
15.016.20039
15.010.20060
15.010.20059
15.010.20056
15.009.20079
15.009.20077
15.009.20071
15.009.20069
15.008.20082
15.006.30355
15.006.30354
15.006.30352
15.006.30306
15.006.30280
15.006.30279
15.006.30244
15.006.30243
15.006.30201
15.006.30198
15.006.30174
15.006.30173
15.006.30172
15.006.30121
15.006.30119
15.006.30097
15.006.30096
15.006.30094
15.006.30060
Product: Acrobat reader 
Version:
17.011.30066
17.011.30065
17.011.30059
11.0.22
Product: Acrobat 
Version:
17.011.30066
17.011.30065
17.011.30059
11.0.22

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www.securityfocus.com/bid/101817
http://www.securitytracker.com/id/1039791
https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Related CVE
CVE-2018-4871
An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during...
CVE-2017-11305
A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.
CVE-2017-3114
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region...
CVE-2017-3112
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of...
CVE-2017-3111
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances.
CVE-2017-3109
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet.
CVE-2017-16420
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computati...
CVE-2017-16418
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computati...

Copyright 2018, cxsecurity.com

 

Back to Top