PatchSiren

CVE-2017-2975 Adobe CVE debrief

CVE-2017-2975 is a publicly disclosed vulnerability in Adobe Digital Editions 4.5.3 and earlier. NVD describes it as an exploitable buffer over-read issue, and Adobe’s advisory is the primary vendor reference. The issue is associated with CWE-125 and carries a CVSS v3.0 score of 7.5 (High).

Vendor: Adobe
Product: CVE-2017-2975
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-15
Original CVE updated: 2026-05-13
Advisory published: 2017-02-15
Advisory updated: 2026-05-13

Who should care

Organizations and individuals running Adobe Digital Editions 4.5.3 or earlier should treat this as relevant, especially where the application is used on systems that open untrusted content. Security teams managing endpoint software inventories should verify whether vulnerable versions are present and prioritize them for remediation.

Technical summary

The NVD record identifies Adobe Digital Editions versions up to and including 4.5.3 as vulnerable to a buffer over-read (CWE-125). Adobe’s advisory is referenced in the source set, indicating vendor acknowledgment and remediation guidance. The supplied description states that successful exploitation could lead to information disclosure, whereas the NVD CVSS v3.0 vector, AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, scores no confidentiality impact (C:N) and a high availability impact (A:H). Because the two framings differ, rely on the linked advisory and NVD entry for the authoritative statement of impact and affected versions.

Defensive priority

High. The vulnerability is publicly documented, affects a specific and bounded version range, and is rated CVSS 7.5. Prioritize inventory checks and upgrades on systems with Adobe Digital Editions 4.5.3 or earlier installed.

Recommended defensive actions

  • Identify all installations of Adobe Digital Editions and confirm whether any are version 4.5.3 or earlier.
  • Apply Adobe’s remediation guidance from the vendor advisory linked in the source corpus.
  • Remove or isolate vulnerable endpoints until they can be updated, especially if they process untrusted files.
  • Validate post-remediation versions against the vendor advisory and NVD record before closing the issue.
  • Track this CVE in vulnerability management tooling so future scans can confirm the affected version range is no longer present.

Evidence notes

This debrief is based only on the supplied NVD record and Adobe advisory reference. The source corpus states that Adobe Digital Editions 4.5.3 and earlier are affected, names the issue as a buffer over-read, and maps it to CWE-125. The CVE published date used here is 2017-02-15; the later 2026-05-13 modified timestamp is treated only as metadata update context and not as the issue date.

Official resources

Publicly disclosed on 2017-02-15 in the CVE/NVD record, with Adobe advisory APSB17-05 referenced as the vendor notice. The later 2026-05-13 modified timestamp reflects record maintenance, not the vulnerability’s original publication date.