Memory leak in Adobe Digital Editions - CVE-2017-2979

 


Published: February 14, 2017 / Updated: February 15, 2017


Vulnerability identifier: #VU5818
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-2979
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Adobe
Affected software:
Adobe Digital Editions

Detailed vulnerability description

The vulnerability allows a remote attacker to cause denial of service or obtain potentially sensitive information.

The vulnerability exists due to a boundary error in Adobe Digital Editions when processing malformed FlateDecode streams. A remote attacker can create a specially crafted file, trick the victim into opening it, and trigger a memory leak.

Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.


How to mitigate CVE-2017-2979

Update to version 4.5.4.
