PatchSiren

CVE-2017-2972 Adobe CVE debrief

CVE-2017-2972 is a high-severity memory corruption issue in Adobe Acrobat Reader and related Acrobat DC releases. Adobe and NVD describe it as an exploitable flaw in the image conversion module, specifically related to JPEG parsing, with successful exploitation potentially leading to arbitrary code execution.

Vendor: Adobe
Product: CVE-2017-2972
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-24
Original CVE updated: 2026-05-13
Advisory published: 2017-01-24
Advisory updated: 2026-05-13

Who should care

Organizations that still run affected Adobe Reader or Acrobat/DC versions, especially on endpoints where users routinely open untrusted PDF files. Security teams responsible for patching, software inventory, and endpoint hardening should treat this as a priority for legacy or slow-to-update fleets.

Technical summary

The NVD entry maps this issue to CWE-119 and lists Adobe Acrobat Reader/Acrobat versions at or below 11.0.18, 15.006.30244, and 15.020.20042 as vulnerable. The CVSS 3.0 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating exploitation requires user interaction and can have high confidentiality, integrity, and availability impact if successful. The vendor advisory reference confirms a patch was issued by Adobe.

Defensive priority

High for any environment that may still have affected versions installed. While this is a historical CVE, the impact is severe enough that unpatched legacy deployments should be addressed immediately.

Recommended defensive actions

  • Upgrade Adobe Acrobat Reader and Acrobat/DC to a version newer than the affected builds listed by NVD and Adobe.
  • Use the Adobe security advisory linked in the source corpus to confirm the fixed builds and update guidance.
  • Inventory endpoints for legacy Acrobat/Reader installations, including rarely used or dormant systems.
  • Restrict or monitor opening of untrusted PDF files, especially on systems that cannot be patched immediately.
  • Remove unsupported or end-of-life Adobe PDF software where feasible and replace it with a supported version.
  • Validate patch deployment after remediation by checking installed product versions against the affected ranges.
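
One way to carry out the last step, checking installed versions against the affected ranges. This is an added example, not code from Adobe, NVD or the original page. The hostnames and inventory rows are constructed, and picking the comparison ceiling by version prefix (11.x, 15.006.x, other 15.x) is an assumption about how the three listed ceilings map to release tracks.

```python
# Ceilings are the "at or below" versions the page cites from NVD for CVE-2017-2972.
AFFECTED_CEILINGS = {
    "11.x": (11, 0, 18),
    "15.006.x": (15, 6, 30244),
    "15.x": (15, 20, 20042),
}

def parse_version(text):
    """Turn 'major.minor.build' into a tuple of ints so comparison is numeric."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def track_for(version):
    """Assumed mapping from a version to the ceiling it is compared with."""
    major, minor, _ = version
    if major == 11:
        return "11.x"
    if major == 15:
        return "15.006.x" if minor == 6 else "15.x"
    return None  # the page lists no range for this version line

def classify(text):
    """Return 'vulnerable', 'patched', 'unlisted' or 'unparsed'."""
    try:
        version = parse_version(text)
    except ValueError:
        return "unparsed"
    track = track_for(version)
    if track is None:
        return "unlisted"
    return "vulnerable" if version <= AFFECTED_CEILINGS[track] else "patched"

def needs_attention(inventory):
    """Every row that is not confirmed patched, including ones needing manual review."""
    return [(host, ver, classify(ver)) for host, ver in inventory
            if classify(ver) != "patched"]

# Constructed inventory export: (hostname, installed Acrobat/Reader version).
SAMPLE_INVENTORY = [
    ("ws-001", "11.0.18"), ("ws-002", "11.0.19"), ("ws-003", "15.006.30244"),
    ("ws-004", "15.006.30279"), ("ws-005", "15.010.20060"),
    ("ws-006", "15.023.20053"), ("ws-007", "10.1.16"), ("ws-008", "15.20"),
]

if __name__ == "__main__":
    for host, ver, status in needs_attention(SAMPLE_INVENTORY):
        print(f"{host}\t{ver}\t{status}")
```

Rows reported as `unlisted` or `unparsed` are not cleared by this check; confirm them against the Adobe advisory.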

Evidence notes

Source corpus includes the NVD record for CVE-2017-2972 and Adobe's PSIRT advisory reference. NVD states the vulnerability is a memory corruption issue in the image conversion module related to JPEG parsing, with affected versions ending at 11.0.18, 15.006.30244, and 15.020.20042. The NVD CVSS vector is CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Adobe's advisory reference indicates a patch was published.

Official resources

CVE published on 2017-01-24. The supplied source record shows the vendor advisory and NVD entry dated the same day, indicating coordinated public disclosure and patch availability at that time.