Memory leak in Adobe Digital Editions - CVE-2017-2981
Published: February 14, 2017 / Updated: February 15, 2017
Vulnerability identifier: #VU5820
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-2981
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Adobe
Affected software:
Adobe Digital Editions
Adobe Digital Editions
Detailed vulnerability description
The vulnerability allows a remote attacker to cause denial of service or obtain potentially sensitive information.
The vulnerability exists due to a boundary error in Adobe Digital Editions when processing malformed PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and trigger memory leak.
Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.
How to mitigate CVE-2017-2981
Update to version 4.5.4.