CVE-2022-35713 Adobe Photoshop versions 22.5.8 and 23.4.2 are affected by a write privilege escalation vulnerability that could lead to arbitrary code execution.
An attacker could leverage this vulnerability to elevate privileges or install a malware package. Bypassing Microsoft Windows User Account Control (UAC) is another way an
CVE-2022-28854 Adobes InDesign versions 16.4.2 and earlier are affected by a memory disclosure vulnerability that could be exploited to bypass ASLR.
In addition, it is important to note that InDesign is not directly affected by this issue. However, the updated versions of InDesign received as part
CVE-2022-38430 Adobe Photoshop versions 22.5.8 and 23.4.2 are affected by a out-of-bounds read vulnerability in parsing a crafted file. This could result in a read past the end of an allocated memory structure.
Depending on the user's actions, this issue could result in information disclosure, installation of malicious software, or even elevation of privileges.
We recommend
CVE-2022-38428 Adobe Photoshop versions 22.5.8 and 23.4.2 are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could exploit this vulnerability to bypass ASLR.
Adobe recommends users update to the latest version 23.5.1. The update is currently available through the Creative Cloud application. Adobe warned that although
CVE-2022-38427 Adobe Photoshop versions 22.5.8 and 23.4.2 are affected by an Access of Uninitialized Pointer vulnerability that could lead to arbitrary code execution.
Access of Uninitialized Pointer vulnerabilities are typically found in libraries or components that handle untrusted data. In the case of Adobe Photoshop, this means images.
Episode
00:00:00
00:00:00