Description
DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-16
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap‑based buffer overflow has been identified in Adobe DNG SDK versions 1.7.1 2536 and earlier. When a crafted DNG file is opened, the overflow can be triggered, allowing an attacker to execute arbitrary code in the context of the current user. The flaw is a classic out‑of‑bounds write (CWE‑122).

Affected Systems

Adobe DNG SDK, version 1.7.1 2536 and all earlier releases. Any environment that incorporates these SDK builds is susceptible unless a newer, patched SDK version is deployed.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, but the EPSS score of < 1 % suggests exploitation is currently unlikely to be widespread. Attack requires user interaction—specifically the victim must open a malicious DNG file—so the threat is limited to social‑engineering or phishing scenarios. The vulnerability is not listed in CISA's KEV catalog.

Generated by OpenCVE AI on June 17, 2026 at 19:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Adobe DNG SDK release that includes the fix for this vulnerability.
  • If an upgrade is not immediately possible, disable or block the handling of DNG files in your environment to prevent the vulnerable code from executing.
  • Employ file‑scanning or sandboxing techniques to inspect any DNG file before it reaches the SDK, reducing the risk of exploitation.

Generated by OpenCVE AI on June 17, 2026 at 19:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 17 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe dng Sdk
Vendors & Products Adobe
Adobe dng Sdk

Tue, 16 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Description DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title DNG SDK | Heap-based Buffer Overflow (CWE-122)
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-17T11:08:11.902Z

Reserved: 2026-05-20T15:50:31.364Z

Link: CVE-2026-47964

cve-icon Vulnrichment

Updated: 2026-06-17T11:08:08.562Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T19:16:56.367

Modified: 2026-06-16T20:41:35.520

Link: CVE-2026-47964

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T19:30:11Z

Weaknesses
  • CWE-122

    Heap-based Buffer Overflow