High severity8.8NVD Advisory· Published Aug 11, 2017· Updated May 13, 2026

CVE-2017-11254

Description

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader's JavaScript engine. Successful exploitation could lead to arbitrary code execution.

Affected products

Adobe Systems Incorporated/Acrobat Readerv5
Range: 2017.009.20058 and earlier
Adobe Inc./Acrobat
cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
Range: >=11.0.0,<=11.0.20
Adobe Inc./Acrobat Dc2 versions
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*+ 1 more
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*range: >=15.006.30060,<=15.006.30306
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*range: >=15.007.20033,<=17.009.20058
Adobe Inc./Acrobat Reader
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
Range: >=17.011.00000,<=17.011.30066
Adobe Inc./Acrobat Reader Dc2 versions
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*+ 1 more
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*range: >=15.006.30060,<=15.006.30306
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*range: >=15.007.20033,<=17.009.20058
Adobe Inc./Reader
cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*
Range: >=11.0.0,<=11.0.20

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/acrobat/apsb17-24.htmlnvdPatchVendor Advisory
www.securityfocus.com/bid/100182nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039098nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.010
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000