Description
DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-16
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Adobe DNG SDK versions 1.7.1 2536 and earlier contain an out‑of‑bounds read that can leak sensitive information from memory. When a malicious DNG file is opened, the flaw allows an attacker to read arbitrary memory contents, potentially revealing confidential data. The vulnerability does not provide direct code execution, but it exposes the application to data disclosure that could be leveraged for further attacks.

Affected Systems

Adobe DNG SDK 1.7.1 2536 and all earlier releases are impacted. Any system or application that parses DNG files using these SDK versions is susceptible to the read exploit.

Risk and Exploitability

The CVSS score of 5.5 classifies this issue as moderate severity, while the EPSS score of less than 1% indicates a very low real‑world exploitation likelihood. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires user interaction— a victim must open a malicious file—so its reach is limited to environments that process potentially untrusted DNG content.

Generated by OpenCVE AI on June 17, 2026 at 22:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe DNG SDK to a version that includes the out‑of‑bounds read fix.
  • Restrict DNG file processing to trusted sources or directories and implement file‑type validation before opening malformed DNG files.
  • Apply access controls and quarantine policies to isolate and block untrusted DNG files from being processed until verified.

Generated by OpenCVE AI on June 17, 2026 at 22:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe dng Sdk
Vendors & Products Adobe
Adobe dng Sdk

Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Description DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title DNG SDK | Out-of-bounds Read (CWE-125)
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-16T19:30:47.904Z

Reserved: 2026-05-20T15:50:31.361Z

Link: CVE-2026-47934

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T19:16:56.130

Modified: 2026-06-16T20:41:35.520

Link: CVE-2026-47934

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T22:30:13Z

Weaknesses