Description
DNG SDK versions 1.7.1 2536 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-07-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A null pointer dereference in Adobe DNG SDK versions 1.7.1 2536 and earlier causes the application to crash when it attempts to use an uninitialized pointer during DNG file parsing. This crash results in a denial‑of‑service condition for any process that loads the SDK. The weakness is a classic null pointer dereference (CWE‑476).

Affected Systems

Adobe DNG SDK, versions 1.7.1 2536 and earlier are vulnerable. No newer releases are listed as affected, and the issue is isolated to the SDK component itself.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting limited known exploitation. The flaw requires user interaction: a victim must open a crafted DNG file to trigger the crash. Because the vulnerability only impacts application availability, the primary impact is a local or remote denial of service, depending on the attacker's ability to deliver the malicious DNG file to the target system.

Generated by OpenCVE AI on July 7, 2026 at 10:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Adobe DNG SDK to a version newer than 1.7.1 2536 or apply the vendor’s latest security update
  • Configure the system to block or quarantine unknown or untrusted DNG files before they are opened by the SDK
  • Disable auto‑processing or auto‑opening of DNG files in applications that rely on the SDK until the patch is in place

Generated by OpenCVE AI on July 7, 2026 at 10:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Jul 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe dng Sdk
Vendors & Products Adobe
Adobe dng Sdk

Mon, 06 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Description DNG SDK versions 1.7.1 2536 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title DNG SDK | NULL Pointer Dereference (CWE-476)
Weaknesses CWE-476
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-07-07T13:43:52.214Z

Reserved: 2026-05-21T15:28:38.131Z

Link: CVE-2026-48267

cve-icon Vulnrichment

Updated: 2026-07-07T13:43:45.998Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-07T11:00:05Z

Weaknesses