Release date: February 14, 2017
Last updated date: February 17, 2017
Vulnerability identifier: APSB17-05
Priority: 3
CVE numbers: CVE-2017-2973, CVE-2017-2974, CVE-2017-2975, CVE-2017-2976, CVE-2017-2977, CVE-2017-2978, CVE-2017-2979, CVE-2017-2980, CVE-2017-2981
Platform: Windows, Macintosh, iOS and Android
Product | Affected version | Platform |
---|---|---|
Adobe Digital Editions | 4.5.3 and earlier versions | Windows, Macintosh, iOS and Android |
Adobe categorizes this update with the following priority ratings and recommends users update their installation to the newest version:
Product | Updated version | Platform | Priority rating | Availability |
---|---|---|---|---|
Windows |
3 | Download Page | ||
Adobe Digital Editions | 4.5.4 | Macintosh | 3 | Download Page |
iOS | 3 | iTunes | ||
Android | 3 | Playstore |
Customers using Adobe Digital Editions 4.5.3 can download the update from the Adobe Digital Editions download page, or utilize the product’s update mechanism when prompted.
For more information, please reference the release notes.
- This update resolves a vulnerability that could lead to a heap buffer overflow vulnerability that could lead to code execution (CVE-2017-2973).
- This update resolve buffer overflow vulnerabilities that could lead to a memory leak (CVE-2017-2974, CVE-2017-2975, CVE-2017-2976, CVE-2017-2978, CVE-2017-2977, CVE-2017-2979, CVE-2017-2980, CVE-2017-2981).
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative (CVE-2017-2974, CVE-2017-2975, CVE-2017-2976, CVE-2017-2977, CVE-2017-2978, CVE-2017-2979, CVE-2017-2981).
- Steven Seeley of Source Incite (CVE-2017-2980).
- Ke Liu of Tencent's Xuanwu LAB (CVE-2017-2973).