High severity7.8NVD Advisory· Published Jan 11, 2017· Updated May 6, 2026

CVE-2017-2949

Description

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution.

Affected products

Adobe Inc./Acrobat
cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
Range: <=11.0.18
Adobe Inc./Acrobat Dc2 versions
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*+ 1 more
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*range: <=15.006.30244
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*range: <=15.020.20042
Adobe Inc./Acrobat Reader Dc2 versions
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*+ 1 more
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*range: <=15.006.30244
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*range: <=15.020.20042
Adobe Inc./Reader
cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*
Range: <=11.0.18
N/a/Adobe Acrobat Reader 15.020.20042 And Earlier, 15.006.30244 And Earlier, 11.0.18 And Earlier.v5
Range: Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.008
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000