Adobe Photoshop Improper Input Validation Remote Code Execution Vulnerability
CVE-2023-21574

7.8HIGH

Key Information:

Vendor: Adobe
Status: Photoshop
Vendor: CVE Published:; 17 February 2023

Summary

Adobe Photoshop is vulnerable to an Improper Input Validation issue in versions 23.5.3 and earlier, and 24.1 and earlier. This vulnerability allows the execution of arbitrary code when a user opens a specially crafted malicious file. The successful exploitation of this flaw requires user interaction, making it crucial for users to exercise caution when handling unknown files to mitigate potential risks.

Affected Version(s)

Photoshop <= 23.5.3

Photoshop <= 24.1

Photoshop <= unspecified

References

https://helpx.adobe.com/security/products/photoshop/apsb2...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 17, 2023
Vulnerability Reserved
Dec 1, 2022