CVE-2017-16395

Name of the Vulnerable Software and Affected Versions Adobe Acrobat and Reader versions 2017.012.20098 and earlier Adobe Acrobat and Reader versions 2017.011.30066 and earlier Adobe Acrobat and Reader versions 2015.006.30355 and earlier Adobe Acrobat and Reader versions 11.0.22 and earlier

Description The issue is caused by a buffer access with an incorrect length value in the image conversion module when processing Enhanced Metafile Format (EMF). Specifically, crafted EMF input, such as EMR STRETCHDIBITS, can cause a mismatch between the allocated buffer size and the access allowed by the computation. This can potentially be leveraged to achieve arbitrary code execution if an attacker can adequately control the accessible memory.

Recommendations For versions 2017.012.20098 and earlier, update to a version later than 2017.012.20098. For versions 2017.011.30066 and earlier, update to a version later than 2017.011.30066. For versions 2015.006.30355 and earlier, update to a version later than 2015.006.30355. For versions 11.0.22 and earlier, update to a version later than 11.0.22.