Integer Underflow Vulnerability in Adobe Photoshop Desktop
CVE-2024-49514

7.8HIGH

Key Information:

Vendor: Adobe
Status: Photoshop
Vendor: CVE Published:; 12 November 2024

Summary

Adobe Photoshop Desktop versions 24.7.3, 25.11, and earlier are vulnerable to an integer underflow (wrap or wraparound) issue. This vulnerability can lead to arbitrary code execution within the context of the current user, provided that the victim opens a specially crafted malicious file. User interaction is necessary for exploitation, making it critical for users to remain vigilant about file sources and to apply the latest security updates provided by Adobe.

References

https://helpx.adobe.com/security/products/photoshop/apsb2...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024