nvd-json-data-feeds/CVE-2017/CVE-2017-163xx/CVE-2017-16365.json

{
  "id": "CVE-2017-16365",
  "sourceIdentifier": "psirt@adobe.com",
  "published": "2017-12-09T06:29:01.117",
  "lastModified": "2024-11-21T03:16:20.520",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the True Type2 Font parsing module. A corrupted cmap table input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en Adobe Acrobat y Reader: 2017.012.20098 y versiones anteriores, 2017.011.30066 y versiones anteriores, 2015.006.30355 y versiones anteriores y 11.0.22 y versiones anteriores. La vulnerabilidad se debe a una sobrelectura de b\u00fafer en el m\u00f3dulo de an\u00e1lisis sint\u00e1ctico True Type2 Font. Una entrada de tabla cmap corrupta conduce a un c\u00e1lculo en el que la aritm\u00e9tica de punteros resulta en una ubicaci\u00f3n fuera de las ubicaciones de memoria v\u00e1lidas pertenecientes al b\u00fafer. Un ataque puede ser empleado para obtener informaci\u00f3n sensible, como direcciones de la memoria din\u00e1mica (heap) del objeto, etc."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "baseScore": 9.3,
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE"
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "11.0.22",
              "matchCriteriaId": "43C26AAA-3620-4229-AEFC-78AB3B2AAACF"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "17.0",
              "versionEndIncluding": "17.011.30066",
              "matchCriteriaId": "2AD1E919-28D9-4C88-B8F9-95E062E9F9D0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
              "versionStartIncluding": "-",
              "versionEndIncluding": "17.012.20098",
              "matchCriteriaId": "43E90FF1-8078-4B18-A492-507E6129D10D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*",
              "versionStartIncluding": "15.0",
              "versionEndIncluding": "15.006.30355",
              "matchCriteriaId": "E45BE50E-04BE-49BE-8AFD-DFFAE6D11538"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "11.0.22",
              "matchCriteriaId": "FA8E1E9D-FE27-4916-9BB3-D3E92BBB5641"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "17.0",
              "versionEndIncluding": "17.011.30066",
              "matchCriteriaId": "9346604B-ADB0-471B-9F81-8560E3F516AA"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
              "versionStartIncluding": "-",
              "versionEndIncluding": "17.012.20098",
              "matchCriteriaId": "2A50612A-DC1B-4F64-BF9F-748A15EC6610"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*",
              "versionStartIncluding": "15.0",
              "versionEndIncluding": "15.006.30355",
              "matchCriteriaId": "394E8F26-2B1C-47ED-85F9-32BC5E04EC3A"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/101824",
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1039791",
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.securityfocus.com/bid/101824",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1039791",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2017-16365",`
			`"sourceIdentifier": "psirt@adobe.com",`
			`"published": "2017-12-09T06:29:01.117",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"lastModified": "2024-11-21T03:16:20.520",`
			`"vulnStatus": "Modified",`
Auto-Update: 2024-07-14T02:00:17.787041+00:00 2024-07-14 02:06:08 +00:00			`"cveTags": [],`
bootstrap 2023-04-24 12:24:31 +02:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the True Type2 Font parsing module. A corrupted cmap table input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc."
			`},`
			`{`
			`"lang": "es",`
			"value": "Se ha descubierto un problema en Adobe Acrobat y Reader: 2017.012.20098 y versiones anteriores, 2017.011.30066 y versiones anteriores, 2015.006.30355 y versiones anteriores y 11.0.22 y versiones anteriores. La vulnerabilidad se debe a una sobrelectura de b\u00fafer en el m\u00f3dulo de an\u00e1lisis sint\u00e1ctico True Type2 Font. Una entrada de tabla cmap corrupta conduce a un c\u00e1lculo en el que la aritm\u00e9tica de punteros resulta en una ubicaci\u00f3n fuera de las ubicaciones de memoria v\u00e1lidas pertenecientes al b\u00fafer. Un ataque puede ser empleado para obtener informaci\u00f3n sensible, como direcciones de la memoria din\u00e1mica (heap) del objeto, etc."
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV30": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.0",`
			`"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"baseScore": 8.8,`
			`"baseSeverity": "HIGH",`
bootstrap 2023-04-24 12:24:31 +02:00			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "REQUIRED",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"availabilityImpact": "HIGH"`
bootstrap 2023-04-24 12:24:31 +02:00			`},`
			`"exploitabilityScore": 2.8,`
			`"impactScore": 5.9`
			`}`
			`],`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"baseScore": 9.3,`
bootstrap 2023-04-24 12:24:31 +02:00			`"accessVector": "NETWORK",`
			`"accessComplexity": "MEDIUM",`
			`"authentication": "NONE",`
			`"confidentialityImpact": "COMPLETE",`
			`"integrityImpact": "COMPLETE",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"availabilityImpact": "COMPLETE"`
bootstrap 2023-04-24 12:24:31 +02:00			`},`
			`"baseSeverity": "HIGH",`
			`"exploitabilityScore": 8.6,`
			`"impactScore": 10.0,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": true`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-125"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:adobe:acrobat::::::::",`
			`"versionEndIncluding": "11.0.22",`
			`"matchCriteriaId": "43C26AAA-3620-4229-AEFC-78AB3B2AAACF"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:adobe:acrobat::::::::",`
			`"versionStartIncluding": "17.0",`
			`"versionEndIncluding": "17.011.30066",`
			`"matchCriteriaId": "2AD1E919-28D9-4C88-B8F9-95E062E9F9D0"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:adobe:acrobat_dc:::::continuous:::*",`
			`"versionStartIncluding": "-",`
			`"versionEndIncluding": "17.012.20098",`
			`"matchCriteriaId": "43E90FF1-8078-4B18-A492-507E6129D10D"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:adobe:acrobat_dc:::::classic:::*",`
			`"versionStartIncluding": "15.0",`
			`"versionEndIncluding": "15.006.30355",`
			`"matchCriteriaId": "E45BE50E-04BE-49BE-8AFD-DFFAE6D11538"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:adobe:acrobat_reader::::::::",`
			`"versionEndIncluding": "11.0.22",`
			`"matchCriteriaId": "FA8E1E9D-FE27-4916-9BB3-D3E92BBB5641"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:adobe:acrobat_reader::::::::",`
			`"versionStartIncluding": "17.0",`
			`"versionEndIncluding": "17.011.30066",`
			`"matchCriteriaId": "9346604B-ADB0-471B-9F81-8560E3F516AA"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:::::continuous:::*",`
			`"versionStartIncluding": "-",`
			`"versionEndIncluding": "17.012.20098",`
			`"matchCriteriaId": "2A50612A-DC1B-4F64-BF9F-748A15EC6610"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:::::classic:::*",`
			`"versionStartIncluding": "15.0",`
			`"versionEndIncluding": "15.006.30355",`
			`"matchCriteriaId": "394E8F26-2B1C-47ED-85F9-32BC5E04EC3A"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "http://www.securityfocus.com/bid/101824",`
			`"source": "psirt@adobe.com",`
			`"tags": [`
			`"Third Party Advisory",`
			`"VDB Entry"`
			`]`
			`},`
			`{`
			`"url": "http://www.securitytracker.com/id/1039791",`
			`"source": "psirt@adobe.com",`
			`"tags": [`
			`"Third Party Advisory",`
			`"VDB Entry"`
			`]`
			`},`
			`{`
			`"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",`
			`"source": "psirt@adobe.com",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`},`
			`{`
			`"url": "http://www.securityfocus.com/bid/101824",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Third Party Advisory",`
			`"VDB Entry"`
			`]`
			`},`
			`{`
			`"url": "http://www.securitytracker.com/id/1039791",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Third Party Advisory",`
			`"VDB Entry"`
			`]`
			`},`
			`{`
			`"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
bootstrap 2023-04-24 12:24:31 +02:00			`}`
			`]`
			`}`