Published: 26/06/2020 Updated: 29/06/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Adobe DNG Software Development Kit (SDK) 1.5 and previous versions versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Vulnerability Trend

Affected Products

Recent Articles

Adobe Kills 16 Critical Flaws in Acrobat and Reader, Digital Negative SDK
Threatpost • Lindsey O'Donnell • 12 May 2020

Adobe has fixed 16 critical flaws across its Acrobat and Reader applications and its Adobe Digital Negative (DNG) Software Development Kit. If exploited, the flaws could lead to remote code execution.
Overall, Adobe fixed vulnerabilities tied to 36 CVEs in its regularly-scheduled Tuesday security update. Those include 24 critical- and important-severity flaws in its Acrobat and Reader application, used for creating and managing PDF files, and 12 in its Adobe DNG Software Development Kit (S...