Description
Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a heap-based buffer overflow in Adobe Format Plugins versions 1.1.2 and earlier that can be triggered by opening a specially crafted file, allowing an attacker to run code with the privileges of the current user.

Affected Systems

Adobe Format Plugins 1.1.2 and earlier are affected and would be impacted by any file that exploits the heap overflow.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity risk; the exploit requires user interaction to open a malicious file, and the vulnerability is not listed in CISA KEV. The lack of an EPSS score means the current exploit probability is unknown, but the attack path is clear and could lead to full compromise of the user’s system.

Generated by OpenCVE AI on June 9, 2026 at 22:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Adobe’s security advisory for the latest patch version and install it
  • Upgrade Adobe Format Plugins to the latest available version which includes the fix
  • Avoid opening or executing untrusted files; consider disabling the plugin or using sandboxing until the patch can be applied

Generated by OpenCVE AI on June 9, 2026 at 22:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe format Plugins
Vendors & Products Adobe
Adobe format Plugins

Tue, 09 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Description Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Format Plugins | Heap-based Buffer Overflow (CWE-122)
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe Format Plugins
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:38:43.146Z

Reserved: 2026-05-21T15:28:38.134Z

Link: CVE-2026-48291

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-09T21:17:25.143

Modified: 2026-06-09T21:17:25.143

Link: CVE-2026-48291

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T02:30:05Z

Weaknesses