Adobe Security Bulletin

Release date: February 14, 2017

Last updated date: February 17, 2017

Vulnerability identifier: APSB17-05

Priority: 3

CVE numbers: CVE-2017-2973, CVE-2017-2974, CVE-2017-2975, CVE-2017-2976, CVE-2017-2977, CVE-2017-2978, CVE-2017-2979, CVE-2017-2980, CVE-2017-2981    

Platform: Windows, Macintosh, iOS and Android

Summary

Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh, iOS and Android. This update resolves a critical heap buffer overflow vulnerability that could lead to code execution and important buffer overflow vulnerabilities that could lead to a memory leak.

Affected versions

Solution

Adobe categorizes this update with the following priority ratings and recommends users update their installation to the newest version:

Customers using Adobe Digital Editions 4.5.3 can download the update from the Adobe Digital Editions download page, or utilize the product’s update mechanism when prompted.

For more information, please reference the release notes.

Vulnerability Details

• This update resolves a vulnerability that could lead to a heap buffer overflow vulnerability that could lead to code execution (CVE-2017-2973). 
• This update resolve buffer overflow vulnerabilities that could lead to a memory leak (CVE-2017-2974, CVE-2017-2975, CVE-2017-2976, CVE-2017-2978, CVE-2017-2977, CVE-2017-2979, CVE-2017-2980, CVE-2017-2981).
  

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

• Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative (CVE-2017-2974, CVE-2017-2975, CVE-2017-2976, CVE-2017-2977, CVE-2017-2978, CVE-2017-2979, CVE-2017-2981). 
• Steven Seeley of Source Incite (CVE-2017-2980).
  
• Ke Liu of Tencent's Xuanwu LAB (CVE-2017-2973).
  

Revisions