How severe is CVE-2017-16367?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2017-16367?

This is classified as CWE-704, which is a common weakness in software security.

CVE-2017-16367 - HIGH Severity | CVSS 8.8

Vulnerability Description

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability. The vulnerability leads to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads or writes -- potentially leading to code corruption, control-flow hijack, or an information leak attack.

Related Vulnerabilities

CVE-2010-1822

HIGH

CVSS:8.8(High)

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to e...

CWE-7042010

CVE-2011-1805

HIGH

CVSS:8.8(High)

Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CWE-7042011

CVE-2016-5161

HIGH

CVSS:8.8(High)

The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishan...

CWE-7042016

CVE-2016-5263

HIGH

CVSS:8.8(High)

The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code...

CWE-7042016

CVE-2016-7860

HIGH

CVSS:8.8(High)

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

CWE-7042016

CVE-2016-7861

HIGH

CVSS:8.8(High)

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

CWE-7042016