CVE-2022-38427: Adobe Photoshop versions 22.5.8 and 23.4.2 are affected by an Access of Uninitialized Pointer vulnerability that could lead to arbitrary code execution.
Access of Uninitialized Pointer vulnerabilities are typically found in libraries or components that handle untrusted data. In the case of Adobe Photoshop, this means images. An attacker could leverage this vulnerability to execute code on the victim’s computer.
Adobe is aware of a confirmed vulnerability in the version of Photoshop CC installed on the following products: Windows, Mac OS X, Linux.
On Windows, the vulnerability requires user action in that the user must open a specially crafted malicious image with Adobe Photoshop CC. This issue does not affect Windows 10 or Windows 10 Mobile. On Mac OS X and other Unix-based systems, the issue does not require user action in that the user must have Adobe Photoshop CC installed to be vulnerable. On Linux, the issue does not require user action in that the user must have Adobe Photoshop CC installed to be vulnerable. On Windows, Mac OS X, and Linux, the issue does not require user action in that the user must have Adobe Photoshop CC installed to be vulnerable.
Overview:
Adobe has released a security update to address a vulnerability in the version of Photoshop CC installed on Windows, Mac OS X, and Linux. This vulnerability can be exploited by an attacker who convinces a user to open a specially crafted malicious image with Adobe Photoshop CC.
This issue does not affect Windows 10 or Windows 10 Mobile. On Mac OS X and other Unix-based systems, the issue does not require user action in that the user must have Adobe Photoshop CC installed to be vulnerable. On Linux, the issue does not require user action in that the user must have Adobe Photoshop CC installed to be vulnerable.
Vulnerability description
An issue has been discovered in Adobe Photoshop CC that could lead to a security vulnerability. The vulnerability is located in the function "DoDataExchange" and the offset value should be decreased by one. The vulnerability affects all versions of Photoshop CC installed on Windows, Mac OS X, and Linux.
The issue does not require user action in that the user must have Adobe Photoshop CC installed to be vulnerable.
Vulnerability Overview
An unknown party has reported that they discovered a vulnerability in the version of Adobe Photoshop installed on Windows, Mac OS X, and Linux. The vulnerability is an arbitrary code execution vulnerability that affects the current versions of Adobe Photoshop CC and previous versions. This vulnerability has been confirmed to exist in the following products:
Windows, Macintosh, Linux
This vulnerability has been confirmed to affect:
Windows, Mac OS X, Linux
The specific impact or exploitability of this vulnerability could not be determined at this time.
Vulnerability Information Summation
The vulnerability is in Adobe Photoshop CC, a component that would be used by the majority of the market, which gives it the potential to affect over 1 billion users. The severity of this vulnerability can range from low to high depending on the sophistication of how it is exploited. This vulnerability affects mostly Windows, Mac OS X, and Linux systems where users are required to have Adobe Photoshop CC installed. There is no action required for exploitation of this issue on these platforms. There is also no action required for exploitation of this issue on Windows 10 or Windows 10 Mobile.
Timeline
Published on: 09/16/2022 18:15:00 UTC
Last modified on: 09/20/2022 18:18:00 UTC