CVE-2020-9623

CWE-125Out-of-bounds Read3 documents3 sources
Severity
7.5HIGH
EPSS
2.4%
top 14.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe Digital Negative Software Development KITAdobe Adobe DNG Software Development KIT (sdk)
Timeline
PublishedJun 26
Latest updateMay 24

Description

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/adobe_dng_software_development_kit_(sdk)Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-7w63-xhwq-4525: Adobe DNG Software Development Kit (SDK) 12022-05-24
CVEList
CVE-2020-9623: Adobe DNG Software Development Kit (SDK) 12020-06-26
CVE-2020-9623 (HIGH CVSS 7.5) | Adobe DNG Software Development Kit | cvebase.io