CVE-2020-3773Out-of-bounds Write in Adobe Photoshop 2020

CWE-787Out-of-bounds Write4 documents4 sources
Severity
8.8HIGHNVD
EPSS
13.6%
top 5.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Adobe Photoshop 2020Adobe Photoshop CCAdobe Photoshop
Timeline
PublishedMar 25
Latest updateMay 24

Description

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDadobe/photoshop_202021.021.1
NVDadobe/photoshop_cc20.020.0.8
CVEListV5adobe/adobe_photoshopPhotoshop CC 2019, and Photoshop 2020 versions

🔴Vulnerability Details

2
GHSA
GHSA-27jg-rcc8-m4g5: Adobe Photoshop CC 2019 versions 202022-05-24
CVEList
CVE-2020-3773: Adobe Photoshop CC 2019 versions 202020-03-25

💬Community

1
Bugzilla
CVE-2019-3773 spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources2019-01-29
CVE-2020-3773 — Out-of-bounds Write in Adobe | cvebase