Vulnerability Description
An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Dng Converter | <= 9.12.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101828Third Party AdvisoryVDB Entry
- https://helpx.adobe.com/security/products/dng-converter/apsb17-37.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/101828Third Party AdvisoryVDB Entry
- https://helpx.adobe.com/security/products/dng-converter/apsb17-37.htmlPatchVendor Advisory
FAQ
What is CVE-2017-11295?
CVE-2017-11295 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
How severe is CVE-2017-11295?
CVE-2017-11295 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-11295?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Dng Converter.