Adobe Security Bulletin

Security update available for Adobe DNG Software Development Kit (SDK) | APSB20-26

Bulletin ID

Date Published

Priority

APSB20-26

May 12, 2020

3   

Summary

Adobe has released an update for the Adobe DNG Software Development Kit (SDK) for Windows and macOS. This update resolves multiple critical Heap Overflow and important Out-of-Bounds Read vulnerabilities that could lead to Remote Code Execution and Information Disclosure, respectively.

Affected versions

Product

Affected version

Platform

Adobe DNG Software Development Kit (SDK)

1.5 and earlier versions      

Windows

Solution

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:

Product

Updated version

Platform

Priority rating

Availability

Adobe DNG Software Development Kit (SDK)

1.5.1

Windows and macOS        

3

Vulnerability Details

Vulnerability Category      

Vulnerability Impact      

Severity 

CVE Numbers      

Heap Overflow

Arbitrary Code Execution       

Critical  

CVE-2020-9589

CVE-2020-9590  

CVE-2020-9620  

CVE-2020-9621  

Out-of-Bounds Read 

Information Disclosure   

Important

CVE-2020-9622  

CVE-2020-9623  

CVE-2020-9624  

CVE-2020-9625  

CVE-2020-9626  

CVE-2020-9627  

CVE-2020-9628  

CVE-2020-9629  

Acknowledgments

Adobe would like to thank Mateusz Jurczyk from Google Project Zero for reporting these issues and for working with Adobe to help protect our customers.     

 Adobe

Get help faster and easier

New user?