High severity7.8NVD Advisory· Published Jan 11, 2017· Updated May 6, 2026

CVE-2017-2951

Description

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to sub-form functionality. Successful exploitation could lead to arbitrary code execution.

Affected products

Adobe Inc./Acrobat
cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
Range: <=11.0.18
Adobe Inc./Acrobat Dc2 versions
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*+ 1 more
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*range: <=15.006.30244
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*range: <=15.020.20042
Adobe Inc./Acrobat Reader Dc2 versions
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*+ 1 more
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*range: <=15.006.30244
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*range: <=15.020.20042
Adobe Inc./Reader
cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*
Range: <=11.0.18
N/A/Adobe Acrobat Reader 15.020.20042 And Earlier, 15.006.30244 And Earlier, 11.0.18 And Earlier.v5
Range: Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/acrobat/apsb17-01.htmlnvdPatchVendor Advisory
www.securityfocus.com/bid/95343nvd
www.securitytracker.com/id/1037574nvd
www.zerodayinitiative.com/advisories/ZDI-17-022nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000