8 matches found
CVE-2021-43753
CVE-2021-43753 affects Adobe Lightroom versions 4.4 and earlier, due to a use-after-free in parsing TIF files that could lead to privilege escalation. Exploitation requires user interaction (opening a malicious file). Mitigation in the provided documents: Adobe released Lightroom security updates...
CVE-2020-9724
CVE-2020-9724 affects Adobe Lightroom Classic (Windows/macOS) 9.2.0.10 and earlier due to an insecure library loading vulnerability. The root cause is insecure loading of a library, enabling privilege escalation within the current user context. Adobe’s advisory APSB20-51 recommends updating Light...
CVE-2024-20754
Adobe Lightroom Desktop
CVE-2025-27197
CVE-2025-27197 affects Adobe Lightroom Desktop: versions 8.2 and earlier are vulnerable to an out-of-bounds write that can allow arbitrary code execution under the current user. Exploitation requires user interaction—victim must open a malicious file. Affected product/component: Lightroom Desktop...
CVE-2021-40776
CVE-2021-40776 affects Adobe Lightroom Classic 10.3 and earlier. The vulnerability is a local privilege escalation in the Offline Lightroom Classic installer, exploitable by an authenticated user with high privileges after user interaction is triggered before product installation. Affected platfo...
CVE-2024-45145
Adobe Lightroom Desktop vulnerable to an out-of-bounds read (CWE-125) in versions 7.4.1, 13.5, 12.5.1 and earlier, with the issue allowing disclosure of sensitive memory and potential bypass of ASLR. Exploitation requires user interaction (victim opens a malicious file). The security context and ...
CVE-2020-24447
CVE-2020-24447 affects Adobe Lightroom Classic for Windows (10.0 and earlier). The issue is an uncontrolled search path element in Lightroom Classic that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious...
CVE-2026-21349
Lightroom Desktop vulnerable to an out-of-bounds write (CWE-787) in version 15.1 and earlier, enabling arbitrary code execution in the current user context after opening a malicious file. Affected products/versions are consistently stated across CVE sources (NVD/Red Hat). Root cause is an out-of-...