Description
DNG SDK versions 1.7.1 2471 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-03-10
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via Integer Overflow
Action: Apply Patch
AI Analysis

Impact

DNG SDK versions 1.7.1 2471 and earlier contain an integer overflow or wraparound flaw that allows an attacker to supply a specially crafted file, causing the program to crash or become unresponsive. The resulting denial-of-service condition can disrupt applications that rely on the SDK. The weakness is a classic input-size validation error (CWE-190).

Affected Systems

Adobe DNG SDK v1.7.1, build 2471 and all earlier releases are affected. Updating to newer releases that contain the fix removes the vulnerability.

Risk and Exploitability

The vulnerability carries a CVSS score of 5.5, indicating moderate severity. The EPSS score of less than 1% reflects a low probability of exploitation in the wild, and it is not listed in the CISA KEV catalog. Exploitation requires user interaction: a victim must open a malicious DNG file, so the attack vector is local, file-based input.

Generated by OpenCVE AI on April 17, 2026 at 11:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Adobe DNG SDK to the latest version that incorporates the integer‑overflow fix, as posted in Adobe’s security advisory.
  • Implement strict input validation for DNG files, rejecting or bounding file sizes that exceed expected limits to prevent overflow conditions.
  • If an upgrade cannot be performed immediately, isolate DNG processing in a sandbox or harden permissions so that a potential crash does not affect the broader application or system environment.

Generated by OpenCVE AI on April 17, 2026 at 11:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe dng Software Development Kit
CPEs cpe:2.3:a:adobe:dng_software_development_kit:*:*:*:*:*:*:*:*
Vendors & Products Adobe dng Software Development Kit

Wed, 11 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe dng Sdk
Vendors & Products Adobe
Adobe dng Sdk

Tue, 10 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
Description DNG SDK versions 1.7.1 2471 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title DNG SDK | Integer Overflow or Wraparound (CWE-190)
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Adobe Dng Sdk Dng Software Development Kit
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-03-10T18:38:22.128Z

Reserved: 2026-02-18T22:02:41.389Z

Link: CVE-2026-27281

cve-icon Vulnrichment

Updated: 2026-03-10T18:38:19.668Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-10T19:17:20.453

Modified: 2026-03-12T17:08:22.297

Link: CVE-2026-27281

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T11:45:06Z

Weaknesses