A vulnerability was found in Adobe Photoshop CC up to 19.1.8/20.0.5 (Image Processing Software). It has been declared as critical. This vulnerability affects an unknown code block. The manipulation with an unknown input leads to a out-of-bounds write vulnerability. The CWE definition for the vulnerability is CWE-787. The product writes data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.

The weakness was released 08/26/2019 as APSB19-44 as confirmed security bulletin (Website). The advisory is available at helpx.adobe.com. This vulnerability was named CVE-2019-7982 since 02/12/2019. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Successful exploitation requires user interaction by the victim. The technical details are unknown and an exploit is not available.

Upgrading to version 19.1.9 or 20.0.6 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Entries connected to this vulnerability are available at 140852, 140853, 140854 and 140855.

Productinfo

Type

• Image Processing Software

Vendor

• Adobe

Name

• Photoshop CC

Version

• 19.1.0
• 19.1.1
• 19.1.2
• 19.1.3
• 19.1.4
• 19.1.5
• 19.1.6
• 19.1.7
• 19.1.8
• 20.0.0
• 20.0.1
• 20.0.2
• 20.0.3
• 20.0.4
• 20.0.5

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion