Description
DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-16
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out-of-bounds read in Adobe DNG SDK versions 1.7.1.2536 and earlier. This flaw can allow a malicious file to expose parts of memory that may contain sensitive data, potentially leading to information disclosure. The weakness is classified as CWE-125. The vulnerability does not provide arbitrary code execution or denial of service; it purely affects confidentiality by leaking data that may be present in the process memory.

Affected Systems

Adobe DNG SDK, versions 1.7.1.2536 and earlier, are affected. Versions newer than 1.7.1.2536 are not impacted.

Risk and Exploitability

The CVSS score of 5.5 indicates a medium severity. The EPSS score is very low (<1%), reflecting a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires the victim to open a malicious DNG file, meaning user interaction is needed; the attack vector is a local file read. The risk remains moderate for environments that routinely process DNG files from untrusted sources, while systems that reject external media are less exposed.

Generated by OpenCVE AI on June 17, 2026 at 21:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe DNG SDK to a version that contains the fix for the out‑of‑bounds read (e.g., 1.7.2 or later).
  • Restrict the processing or opening of DNG files to trusted sources and block files from untrusted locations.
  • Deploy file integrity monitoring or sandboxing to detect and quarantine malicious or malformed DNG files before they are processed.

Generated by OpenCVE AI on June 17, 2026 at 21:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe dng Sdk
Vendors & Products Adobe
Adobe dng Sdk

Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Description DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title DNG SDK | Out-of-bounds Read (CWE-125)
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-16T18:38:52.642Z

Reserved: 2026-05-20T15:50:31.364Z

Link: CVE-2026-47963

cve-icon Vulnrichment

Updated: 2026-06-16T18:38:41.422Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T19:16:56.250

Modified: 2026-06-16T20:41:35.520

Link: CVE-2026-47963

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T21:30:12Z

Weaknesses