Description
DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-02-10
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service in Adobe DNG SDK through integer overflow
Action: Apply Patch
AI Analysis

Impact

Adobe DNG SDK versions 1.7.1 2410 and earlier suffer from an integer overflow or wraparound condition that can cause the application to crash or become unresponsive. The flaw does not provide a path to gain code execution or disclose data; its primary consequence is service disruption to the user who opens a crafted file. The vulnerability is catalogued as CWE-190 and is evaluated as a moderate severity threat.

Affected Systems

Adobe DNG SDK, specifically releases up to and including version 1.7.1 2410. All installations of the SDK that have not been updated beyond this point are susceptible.

Risk and Exploitability

The CVSS base score is 5.5, indicating a medium impact on availability. The EPSS score is below 1 %, suggesting a low probability of exploitation at the present moment. The vulnerability is not currently listed in the CISA KEV catalog. Exploitation requires a local attacker to supply a malicious DNG file that the user must open, implying that user awareness and safe file handling practices can further reduce the risk. The attack vector is infrequent and not automated.

Generated by OpenCVE AI on April 16, 2026 at 17:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe DNG SDK to the latest release that supersedes version 1.7.1 2410
  • Refuse to open or automatically reject any unknown or suspicious DNG files
  • Run DNG processing within a sandboxed or read‑only environment to contain any crashes

Generated by OpenCVE AI on April 16, 2026 at 17:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Feb 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Adobe dng Software Development Kit
CPEs cpe:2.3:a:adobe:dng_software_development_kit:*:*:*:*:*:*:*:*
Vendors & Products Adobe dng Software Development Kit

Tue, 10 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe dng Sdk
Vendors & Products Adobe
Adobe dng Sdk

Tue, 10 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Feb 2026 18:45:00 +0000

Type Values Removed Values Added
Description DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title DNG SDK | Integer Overflow or Wraparound (CWE-190)
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Adobe Dng Sdk Dng Software Development Kit
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-03-10T18:17:32.769Z

Reserved: 2025-12-12T22:01:18.205Z

Link: CVE-2026-21354

cve-icon Vulnrichment

Updated: 2026-02-10T19:10:49.857Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-10T19:15:59.140

Modified: 2026-02-13T20:37:36.883

Link: CVE-2026-21354

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T17:30:25Z

Weaknesses