CVE-2020-3774

CWE-119 — Buffer Overflow5 documents5 sources

Severity

8.8HIGH

EPSS

24.1%

top 3.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Photoshop 2020 Adobe Photoshop CC Adobe Adobe Photoshop

Timeline

PublishedMar 25

Latest updateMar 27

Description

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDadobe/photoshop_202021.0 — 21.1

▶NVDadobe/photoshop_cc20.0 — 20.0.8

▶CVEListV5adobe/adobe_photoshopPhotoshop CC 2019, and Photoshop 2020 versions

🔴Vulnerability Details

OSV

node-url-parse vulnerabilities↗2023-03-27

▶

GHSA

GHSA-p97r-xmrm-j74f: Adobe Photoshop CC 2019 versions 20↗2022-05-24

▶

CVEList

CVE-2020-3774: Adobe Photoshop CC 2019 versions 20↗2020-03-25

▶

💬Community

Bugzilla

CVE-2019-3774 spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources↗2019-01-29

▶