20 matches found
CVE-2020-9625
The CVE-2020-9625 entry concerns the Adobe DNG Software Development Kit (SDK) prior to version 1.5. The vulnerability is an out-of-bounds read (with heap overflow/related memory issues referenced in surrounding advisories) that could lead to information disclosure if exploited. Affected product/v...
CVE-2020-9628
Adobe DNG SDK (1.5 and earlier) contains an out-of-bounds read vulnerability that could disclose information. Multiple connected sources confirm the affected component is the DNG SDK, with instances of heap overflow/out-of-bounds read needing an update. Threatposts’ coverage notes that the fix is...
CVE-2020-9627
CVE-2020-9627 affects Adobe DNG Software Development Kit (SDK) versions 1.5 and earlier. The issue is an out-of-bounds read that could lead to information disclosure. Public documentation in connected sources confirms the vulnerability and references a targeted update to mitigate it (SDK 1.5.1). ...
CVE-2016-4167
CVE-2016-4167 affects the Adobe DNG Software Development Kit (SDK) prior to 1.4. The issue is described as a memory corruption vulnerability that allows attackers to execute arbitrary code or cause a denial of service via unspecified vectors. The connected documents confirm this vulnerability and...
CVE-2026-21353
The CVE-2026-21353 issue affects DNG SDK versions 1.7.1 ≤ 2410 and earlier. The root cause is an Integer Overflow or Wraparound (CWE-190) in the SDK, enabling arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. ...
CVE-2026-21352
The CVE-2026-21352 entry concerns Adobe DNG SDK: versions 1.7.1 build 2410 and earlier are affected by an out-of-bounds write (CWE-787) that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, specifically the victim opening a malicious...
CVE-2026-27280
CVE-2026-27280 affects DNG SDK versions 1.7.1 build 2471 and earlier, with an out-of-bounds write (CWE-787) that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. The CVSS 3.1 vector is Local/Low...
CVE-2025-64783
CVE-2025-64783 affects Adobe DNG SDK versions 1.7.0 and earlier, due to an Integer Overflow or Wraparound that could lead to arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file. Public material in connected sources describes proofs ...
CVE-2025-64784
CVE-2025-64784 affects the Adobe DNG SDK up to version 1.7.0. The vulnerability is a heap-based buffer overflow in the SDK’s image processing that could expose memory or cause application denial of service. PoCs describe heap-based OOB reads/writes and potential memory corruption that could, unde...
CVE-2026-47964
Affected software : DNG SDK (version 1.7.1 2536 and earlier). Vulnerability : Heap-based buffer overflow (CWE-122) in the DNG SDK, potentially allowing arbitrary code execution in the context of the current user. Impact : Arbitrary code execution with high impact (confidentiality/ integrity/ avai...
CVE-2025-64893
Adobe DNG SDK prior to 1.7.1.2410 is affected by an out-of-bounds read that can lead to memory disclosure or DoS when processing raw images with two color planes. The issue stems from a logic/handling flaw in the rendering path (RefBaselineABCDtoRGB) that may read memory beyond bounds. Affected v...
CVE-2026-21354
The CVE-2026-21354 entry concerns the DNG SDK, affected in versions 1.7.1 2410 and earlier. The issue is an Integer Overflow or Wraparound that can lead to application denial-of-service. Exploitation requires user interaction: a victim must open a malicious file, potentially crashing or making th...
CVE-2026-47927
CVE-2026-47927 concerns the DNG SDK, where versions 1.7.1 2536 and earlier are affected by an out-of-bounds read (CWE-125). The vulnerability could lead to disclosure of sensitive memory. Exploitation requires user interaction: a victim must open a malicious file. The CVSS info indicates a local ...
CVE-2025-64894
The CVE-2025-64894 issue affects Adobe DNG SDK versions 1.7.0 and earlier. The root cause is an Integer Overflow or Wraparound in a component of the SDK, which could lead to a denial-of-service (the application crashing or becoming unresponsive). Exploitation requires user interaction: a victim m...
CVE-2026-21355
The CVE-2026-21355 entry concerns the DNG SDK, affected in versions 1.7.1 2410 and earlier. It describes an out-of-bounds read that could expose memory contents, with exploitation requiring a user to open a malicious file. The impact is memory exposure, not code execution per the provided text. C...
CVE-2026-27258
The CVE concerns DNG SDK, version 1.7.1 2502 and earlier, affected by an out-of-bounds write (CWE-787) that can cause an application denial-of-service. The vulnerability can lead to memory corruption resulting in a crash or unresponsiveness. Exploitation requires user interaction: a victim must o...
CVE-2026-27281
DVE-2024-2026: CVE-2026-27281 affects DNG SDK up to version 1.7.1 2471 and earlier. The flaw is an Integer Overflow or Wraparound (CWE-190) in a component used by the SDK, leading to an application denial-of-service. Exploitation requires user interaction: a victim must open a malicious file. The...
CVE-2026-47934
CVE-2026-47934 affects DNG SDK versions 1.7.1 2536 and earlier, with an out-of-bounds read (CWE-125) that can disclose sensitive memory. The vulnerability arises in the SDK’s handling that leads to memory disclosure. Exploitation requires user interaction: a victim must open a malicious file. Con...
CVE-2026-47963
The CVE-2026-47963 entry concerns DNG SDK versions 1.7.1 2536 and earlier, which are affected by an out-of-bounds read (CWE-125). The vulnerability can disclose sensitive memory and requires user interaction: a victim must open a malicious file. This is the explicit impact and attack condition de...
CVE-2026-48267
The CVE-2026-48267 entry concerns the DNG SDK prior to or equal to version 1.7.1 build 2536, where a NULL Pointer Dereference could cause an application crash and denial-of-service. The vulnerability requires user interaction: a victim must open a malicious file. The root cause is a NULL pointer ...