Description
Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Format Plugins, versions 1.1.2 and earlier, contain a heap‑based buffer overflow that can be triggered by opening a specially crafted malicious file. The flaw allows an attacker to execute arbitrary code in the context of the user who opens the file, potentially compromising the system. The vulnerability is a classic out‑of‑bounds write that leads to code execution.

Affected Systems

Adobe Format Plugins, versions 1.1.2 and earlier, deployed on systems that process Adobe format files.

Risk and Exploitability

The CVSS score of 7.8 places this flaw in the high severity range, indicating severe impact if exploited. The EPSS score is not available, but the requirement for user interaction limits the attack surface to individuals who open malicious files. The bug is not currently listed in CISA’s KEV catalog, suggesting no confirmed exploitation in the wild yet. Nevertheless, the combination of a buffer overflow and the ability to execute code warrants vigilant mitigation.

Generated by OpenCVE AI on June 9, 2026 at 22:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Adobe Format Plugins update that resolves the overflow
  • Restrict the opening of unknown or untrusted Adobe format files to trusted users only
  • If an update is unavailable, disable the Format Plugins component or block the file extensions associated with the vulnerable plugin

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 01:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Adobe; Adobe format Plugins |
| Vendors & Products | | Adobe; Adobe format Plugins |

Tue, 09 Jun 2026 21:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Title | | Format Plugins \| Heap-based Buffer Overflow (CWE-122) |
| Weaknesses | | CWE-122 |
| References | | |
| Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:38:42.209Z

Reserved: 2026-05-21T15:28:38.135Z

Link: CVE-2026-48292

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-09T21:17:25.270

Modified: 2026-06-09T21:17:25.270

Link: CVE-2026-48292

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T01:15:18Z

Weaknesses