PatchSiren

CVE-2017-2977 Adobe CVE debrief

CVE-2017-2977 affects Adobe Digital Editions 4.5.3 and earlier. Public sources describe an exploitable buffer over-read that can lead to information disclosure, and NVD rates the issue HIGH with a 7.5 CVSS score. Organizations that use Adobe Digital Editions to open untrusted content should treat this as a priority exposure and verify they are running a fixed version.

Vendor: Adobe
Product: CVE-2017-2977
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-15
Original CVE updated: 2026-05-13
Advisory published: 2017-02-15
Advisory updated: 2026-05-13

Who should care

Security and desktop engineering teams that support Adobe Digital Editions, especially where staff or customers open EPUB or other untrusted documents on managed endpoints. Incident responders and data protection teams should also care because the weakness can expose memory contents.

Technical summary

The NVD record identifies a buffer over-read in Adobe Digital Editions versions 4.5.3 and earlier, mapped to CWE-125. The CVSS 3.0 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating low-complexity remote exploitation with no privileges required. The short CVE description emphasizes information disclosure, so defenders should review both confidentiality-sensitive and availability-sensitive impacts in context of their deployment.

Defensive priority

High. The issue is remotely reachable in the CVSS vector, requires no privileges, and affects an end-user document reader that may process untrusted files. Prioritize remediation where Adobe Digital Editions is present on systems that open sensitive or externally supplied content.

Recommended defensive actions

  • Confirm whether Adobe Digital Editions is installed and whether any systems remain on version 4.5.3 or earlier.
  • Upgrade Adobe Digital Editions to a version newer than 4.5.3 following Adobe's security guidance.
  • Restrict opening of untrusted documents in vulnerable reader versions until remediation is complete.
  • Review endpoint software inventory and remove obsolete Adobe Digital Editions installs where the application is no longer needed.
  • Monitor vendor advisories and ticketing records for any follow-up guidance tied to APSB17-05.

Evidence notes

Source corpus points to Adobe Digital Editions 4.5.3 and earlier as vulnerable, with CWE-125 and a vendor advisory at Adobe's APSB17-05 page. The short CVE description says successful exploitation could lead to information disclosure, while the NVD CVSS vector reflects a high availability impact; this mismatch should be noted when communicating risk. References in the corpus include the Adobe advisory, CVE record, and NVD detail page.

Official resources

Publicly disclosed on 2017-02-15 in the CVE/NVD record and Adobe-linked advisory references.