CVE-2017-16377
Severity CVSS v4.0:
Pending analysis
Type:
CWE-824
Access of Uninitialized Pointer
Publication date:
09/12/2017
Last modified:
20/04/2025
Description
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized in the main DLL. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
9.30
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* | 11.0.22 (including) | |
| cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* | 17.0 (including) | 17.011.30066 (including) |
| cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:* | -17.012.20098 (including) | |
| cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:* | 15.0 (including) | 15.006.30355 (including) |
| cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* | 11.0.22 (including) | |
| cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:* | 17.0 (including) | 17.011.30066 (including) |
| cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:* | -17.012.20098 (including) | |
| cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:* | 15.0 (including) | 15.006.30355 (including) |
To consult the complete list of CPE names with products and versions, see this page