CVE-2017-2979 Adobe CVE debrief

Who should care

Organizations and individuals running Adobe Digital Editions 4.5.3 or earlier should prioritize this issue, especially desktop fleets that may open untrusted content or use the application in managed reading workflows.

Technical summary

NVD records a buffer over-read (CWE-125) in Adobe Digital Editions through version 4.5.3. The CVSS 3.0 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating low-complexity, no-privilege, no-user-interaction exposure in the record. The public description highlights information disclosure as a possible outcome, while the NVD vector records high availability impact.

Defensive priority

High. The issue is publicly documented, affects a widely deployed reading application, and is rated HIGH by NVD. Prioritize upgrading affected installations and confirming whether Adobe Digital Editions remains installed in endpoints, VDI images, or user workstations.

Recommended defensive actions

• Upgrade Adobe Digital Editions to a version newer than 4.5.3 using Adobe's guidance in the vendor advisory.
• Inventory endpoints, VDI images, and user systems for Adobe Digital Editions 4.5.3 and earlier.
• Restrict or closely review the opening of untrusted files until remediation is complete.
• Use Adobe's APSB17-05 advisory and NVD entry to confirm affected versions and remediation status.

Evidence notes

The supplied NVD record shows CVE publication on 2017-02-15 and a later modification date of 2026-05-13. It lists vulnerable CPE criteria for adobe:digital_editions up to and including version 4.5.3, identifies CWE-125, and references Adobe's APSB17-05 vendor advisory along with the CVE and NVD records.

Official resources