How severe is CVE-2017-16399?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2017-16399?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2017-16399 - HIGH Severity | CVSS 8.8

Vulnerability Description

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the XPS parsing module. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.

Related Vulnerabilities

CVE-2014-1497

HIGH

CVSS:8.8(High)

The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sen...

CWE-1252014

CVE-2015-9381

HIGH

CVSS:8.8(High)

FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.

CWE-1252015

CVE-2016-10403

HIGH

CVSS:8.8(High)

Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

CWE-1252016

CVE-2016-1646

HIGH

CVSS:8.8(High)

The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to ca...

CWE-1252016

CVE-2016-3621

HIGH

CVSS:8.8(High)

The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a c...

CWE-1252016

CVE-2016-5198

HIGH

CVSS:8.8(High)

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to ...

CWE-1252016