Impact
A heap‑based buffer overflow has been identified in Adobe DNG SDK versions 1.7.1 2536 and earlier. When a crafted DNG file is opened, the overflow can be triggered, allowing an attacker to execute arbitrary code in the context of the current user. The flaw is a classic out‑of‑bounds write (CWE‑122).
Affected Systems
Adobe DNG SDK, version 1.7.1 2536 and all earlier releases. Any environment that incorporates these SDK builds is susceptible unless a newer, patched SDK version is deployed.
Risk and Exploitability
The CVSS score of 7.8 indicates high severity, but the EPSS score of < 1 % suggests exploitation is currently unlikely to be widespread. Attack requires user interaction—specifically the victim must open a malicious DNG file—so the threat is limited to social‑engineering or phishing scenarios. The vulnerability is not listed in CISA's KEV catalog.
OpenCVE Enrichment