Out-of-Bounds Read Vulnerability in Adobe DNG Software Development Kit
CVE-2020-9626

3.3LOW

Key Information:

Vendor: Adobe
Status: Adobe Dng Software Development Kit (sdk)
Vendor: CVE Published:; 26 June 2020

Summary

The Adobe DNG Software Development Kit (SDK) prior to version 1.5 contains an out-of-bounds read vulnerability that may lead to the exposure of sensitive information. Attackers could exploit this weakness, potentially extracting data from memory that they should not have access to. Users of the affected SDK versions are encouraged to upgrade to the latest version to mitigate this risk effectively.

Affected Version(s)

Adobe DNG Software Development Kit (SDK) Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions

References

https://helpx.adobe.com/security/products/dng-sdk/apsb20-...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 26, 2020
Vulnerability Reserved
Mar 2, 2020