CVE-2022-38426 Adobe Photoshop versions 22.5.8 and 23.4.2 are affected by an Access of Uninitialized Pointer vulnerability that could lead to arbitrary code execution.
Access of Uninitialized Pointer vulnerabilities are typically found in libraries or components that handle untrusted data. In the case of Adobe Photoshop, this means images. An attacker could leverage this vulnerability to execute code on the victim’s computer. Adobe is aware of a confirmed vulnerability in the version of Photoshop CC installed on the following products: Windows Mac OS X Linux On Windows, the vulnerability requires user action in that the user must open a specially crafted malicious image with Adobe Photoshop CC. This issue does not affect Windows 10 or Windows 10 Mobile. On Mac OS X and other Unix-based systems, the issue does not require user action in that the user must have Adobe Photoshop CC installed to be vulnerable. On Mac OS X and other Unix-based systems, the issue does not require user action in that the user must have Adobe Photoshop CC installed to be vulnerable. On Linux, the issue does not require user action in that the user must have Adobe Photoshop CC installed to be vulnerable. On Windows, Mac OS X, and Linux, the issue does not require user action in that the user must have Adobe Photoshop CC installed to be vulnerable.
Vulnerability Overview
This vulnerability is related to a type of vulnerability known as an access of uninitialized pointer vulnerability. These types of vulnerabilities typically occur in libraries or components that handle untrusted data. In the case of Adobe Photoshop, this means images. An attacker could leverage this vulnerability to execute code on the victim’s computer.
Common software used in Adobe Products
To help prevent the exploitation of this vulnerability, Adobe is providing a software update that will remove this specific version of Adobe Photoshop from affected products. The update will be available for download on January 19th, 2019.
What is the vulnerability?
Photoshop is a widely-used image editing software, but does not properly verify the origin of untrusted data. This vulnerability allows for an attacker to run malicious code on a victim’s computer.
Timeline
Published on: 09/16/2022 18:15:00 UTC
Last modified on: 09/20/2022 18:14:00 UTC