Adobe Acrobat XPS JPEG Out of Bounds Read
TSL ID: TSL20171114-28
CVE ID(s): CVE-2017-16418
Severity: Moderate
Description

An out-of-bounds read vulnerability has been reported in the XPS component of Adobe Acrobat. The vulnerability is due to improper parsing of an embedded JPEG image in an XPS document.

A remote attacker could exploit this vulnerability by enticing a target user into opening a crafted XPS document. Successful exploitation could result in information disclosure, which could be leveraged in exploiting additional vulnerabilities.

The vendor, Adobe, has released the following advisory regarding the vulnerability:

https://helpx.adobe.com/security/products/acrobat/apsb17-36.html

Affected Products
  • Adobe Systems Acrobat 2017 2017.011.30066 and earlier versions
  • Adobe Systems Acrobat DC (Classic) 2015.006.30355 and earlier versions
  • Adobe Systems Acrobat DC (Continuous) 2017.012.20098 and earlier
  • Adobe Systems Acrobat XI 11.0.22 and earlier
CVSS Score
Base 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is NONE
  • Impact of this vulnerability on data availability is NONE
Temporal 3.2 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
References
https://helpx.adobe.com/security/products/acrobat/apsb17-36.html