CVE-2021-21006Heap-based Buffer Overflow in Adobe Photoshop

CWE-122Heap-based Buffer Overflow3 documents3 sources
Severity
8.6HIGHNVD
EPSS
12.1%
top 6.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Photoshop
Timeline
PublishedJan 13
Latest updateMay 24

Description

Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file. Successful exploitation could lead to arbitrary code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages2 packages

NVDadobe/photoshop22.1
CVEListV5adobe/photoshop22.1 and earlier

🔴Vulnerability Details

2
GHSA
GHSA-v4j4-xc7c-cpxx: Adobe Photoshop version 222022-05-24
CVEList
Heap buffer overflow when handling crafted font file could lead to arbitrary code execution2021-01-13
CVE-2021-21006 — Heap-based Buffer Overflow in Adobe | cvebase