Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-2027

CWE-3994 documents4 sources

Severity

9.3CRITICAL

EPSS

28.8%

top 3.45%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Adobe Photoshop Cs5.5 Adobe Photoshop Adobe Photoshop CS4

Timeline

PublishedMay 9

Latest updateMay 17

Description

Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a crafted TIFF (aka .TIF) file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDadobe/photoshop_cs5.512.0

▶NVDadobe/photoshop23 versions+22

▶NVDadobe/photoshop_cs411.0

Patches

Patch: www.adobe.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-5h45-vp7g-6r9g: Use-after-free vulnerability in Adobe Photoshop CS5 12↗2022-05-17

▶

CVEList

CVE-2012-2027: Use-after-free vulnerability in Adobe Photoshop CS5 12↗2012-05-09

▶

💥Exploits & PoCs

Exploit-DB

Adobe Photoshop 12.1 - '.tiff' Parsing Use-After-Free↗2012-03-20

▶