Impact
A null pointer dereference in Adobe DNG SDK versions 1.7.1 2536 and earlier causes the application to crash when it attempts to use an uninitialized pointer during DNG file parsing. This crash results in a denial‑of‑service condition for any process that loads the SDK. The weakness is a classic null pointer dereference (CWE‑476).
Affected Systems
Adobe DNG SDK, versions 1.7.1 2536 and earlier are vulnerable. No newer releases are listed as affected, and the issue is isolated to the SDK component itself.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting limited known exploitation. The flaw requires user interaction: a victim must open a crafted DNG file to trigger the crash. Because the vulnerability only impacts application availability, the primary impact is a local or remote denial of service, depending on the attacker's ability to deliver the malicious DNG file to the target system.
OpenCVE Enrichment