What is CVE-2017-3124?

CVE-2017-3124 is a critical-severity vulnerability in Adobe Acrobat, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2017-08-11.

How severe is CVE-2017-3124?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Buffer overflow in Adobe Acrobat

CVE-2017-3124

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exchange (PCX) file format parsing module. S…

Vulnerability class: Buffer Overflow

EPSS: 0.091 (92.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Adobe Acrobat
Adobe Acrobat_dc
Adobe Acrobat_reader_dc
Adobe Reader
Adobe Systems Incorporated Acrobat Reader — versions 2017.009.20058 and earlier, 2017.008.30051 and earlier, 11.0.20 and earlier
Apple Mac_os_x
Microsoft Windows

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

psirt@adobe.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
psirt@adobe.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
psirt@adobe.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2017-3124?: CVE-2017-3124 is a critical-severity vulnerability in Adobe Acrobat, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2017-08-11.
How severe is CVE-2017-3124?: Critical severity. CVSS v3 base score is 9.8 out of 10.