CVE-2017-2980 Adobe CVE debrief

Who should care

Organizations and individuals that use or distribute Adobe Digital Editions, especially where users open untrusted or externally supplied ebook content. Security teams should also care if they maintain software inventories or endpoint baselines that include Adobe Digital Editions.

Technical summary

NVD classifies the issue as CWE-125 (buffer over-read) and rates it CVSS 3.0 7.5 HIGH with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The affected product scope in the record is Adobe Digital Editions versions 4.5.3 and earlier. The documented impact is information disclosure, and the vendor advisory reference is APSB17-05.

Defensive priority

High for environments that still have Adobe Digital Editions 4.5.3 or earlier installed. Prioritize inventory, removal, or upgrade because the issue is public, high severity, and tied to a product that may process untrusted content.

Recommended defensive actions

• Inventory endpoints and software catalogs for Adobe Digital Editions.
• Upgrade Adobe Digital Editions to a version newer than 4.5.3, or remove the product if it is not required.
• Treat ebook files from untrusted sources as higher-risk until affected versions are eliminated.
• Validate that endpoint and application-control policies reflect the updated version baseline.
• Track Adobe advisory APSB17-05 and the NVD record for any additional remediation notes.

Evidence notes

Source corpus shows the CVE published on 2017-02-15 and modified by NVD on 2026-05-13. NVD lists Adobe Digital Editions cpe:2.3:a:adobe:digital_editions:* with vulnerable versions ending at 4.5.3, identifies CWE-125, and gives CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The only vendor-linked advisory in the supplied corpus is Adobe APSB17-05.

Official resources