CVE-2020-9589

CWE-787Out-of-bounds Write5 documents5 sources
Severity
7.8HIGH
EPSS
5.7%
top 9.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Platform External/dng SDKAdobe Digital Negative Software Development KITAdobe Adobe DNG Software Development KIT (sdk)
Timeline
PublishedJun 26
Latest updateMay 24

Description

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5adobe/adobe_dng_software_development_kit_(sdk)Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions
Androidplatform/external/dng_sdk8.0:08.0:2020-07-01+3

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

3
GHSA
GHSA-hr6m-jm36-qh4x: Adobe DNG Software Development Kit (SDK) 12022-05-24
OSV
CVE-2020-9589: In DecodeImage of dng_lossless_jpeg2020-07-01
CVEList
CVE-2020-9589: Adobe DNG Software Development Kit (SDK) 12020-06-26

📋Vendor Advisories

1
Android
CVE-2020-9589: Android Security Bulletin 2020-07-01 CVE: CVE-2020-9589 Severity: CRITICAL Type: RCE Affected AOSP versions: 82020-07-01
CVE-2020-9589 (HIGH CVSS 7.8) | Adobe DNG Software Development Kit | cvebase.io