{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "11.0.22" } ] }, { "events": [ { "introduced": "17.0" }, { "last_affected": "17.011.30066" } ] }, { "events": [ { "introduced": "-" }, { "last_affected": "17.012.20098" } ] }, { "events": [ { "introduced": "15.0" }, { "last_affected": "15.006.30355" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "11.0.22" } ] }, { "events": [ { "introduced": "17.0" }, { "last_affected": "17.011.30066" } ] }, { "events": [ { "introduced": "-" }, { "last_affected": "17.012.20098" } ] }, { "events": [ { "introduced": "15.0" }, { "last_affected": "15.006.30355" } ] } ] } } ], "details": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS2PDF conversion engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "id": "CVE-2017-16386", "modified": "2026-03-14T13:50:10.041348819Z", "published": "2017-12-09T06:29:01.850Z", "references": [ { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/101824" }, { "type": "ADVISORY", "url": "http://www.securitytracker.com/id/1039791" }, { "type": "ADVISORY", "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }