Heap Overflow Vulnerability in Adobe DNG SDK
CVE-2020-9620

7.8HIGH

Key Information:

Vendor: Adobe
Status: Adobe Dng Software Development Kit (sdk)
Vendor: CVE Published:; 26 June 2020

What is CVE-2020-9620?

The Adobe DNG Software Development Kit (SDK) version 1.5 and earlier contains a heap overflow vulnerability that can be exploited by an attacker to gain control of affected systems. Through successful exploitation, an attacker could execute arbitrary code, which poses a significant risk to the security of applications utilizing this SDK. It's essential for users to apply the latest security updates to mitigate potential threats associated with this vulnerability.

Affected Version(s)

Adobe DNG Software Development Kit (SDK) Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions

References

https://helpx.adobe.com/security/products/dng-sdk/apsb20-...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2020
Vulnerability Reserved
Mar 2, 2020