CVE-2017-2976 Adobe CVE debrief

Who should care

Organizations and individuals running Adobe Digital Editions 4.5.3 or earlier should care most, especially endpoint teams, desktop software managers, and anyone distributing or opening content through that application.

Technical summary

The supplied corpus identifies a buffer over-read in Adobe Digital Editions versions 4.5.3 and earlier. NVD maps the weakness to CWE-125 and lists vulnerable CPE coverage through version 4.5.3. The description says successful exploitation could lead to information disclosure. NVD also records a CVSS 3.0 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, and the issue is linked to Adobe PSIRT advisory APSB17-05.

Defensive priority

High. Systems that still run Adobe Digital Editions 4.5.3 or earlier should be prioritized for upgrade or removal from exposure.

Recommended defensive actions

• Upgrade Adobe Digital Editions to a version newer than 4.5.3 on all affected systems.
• Inventory endpoints that still have Adobe Digital Editions installed and confirm the installed version.
• Reduce exposure to untrusted or unnecessary content handling in affected installations until patched.
• Use standard endpoint protection and software restriction controls to limit the impact of vulnerable desktop applications.
• Monitor vendor guidance linked from the Adobe PSIRT advisory APSB17-05 for remediation details.

Evidence notes

This debrief is based only on the supplied NVD-derived corpus and linked official references. The corpus states: published 2017-02-15, modified 2026-05-13; vulnerable Adobe Digital Editions versions through 4.5.3; weakness CWE-125; and a vendor advisory reference (APSB17-05) plus third-party reference IDs. No KEV entry was supplied.

Official resources