Security update available for Adobe DNG Software Development Kit (SDK) | APSB20-26
Bulletin ID Date Published Priority
APSB20-26 May 12, 2020 3   

Summary

Adobe has released an update for the Adobe DNG Software Development Kit (SDK) for Windows and macOS. This update resolves multiple critical Heap Overflow and important Out-of-Bounds Read vulnerabilities that could lead to Remote Code Execution and Information Disclosure, respectively.

Affected versions

Product Affected version Platform
Adobe DNG Software Development Kit (SDK)
1.5 and earlier versions       Windows

Solution

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:

Product Updated version Platform Priority rating Availability
Adobe DNG Software Development Kit (SDK) 1.5.1 Windows and macOS         3

Windows

macOS

Vulnerability Details

Vulnerability Category       Vulnerability Impact       Severity  CVE Numbers      
Heap Overflow Arbitrary Code Execution        Critical  

CVE-2020-9589

CVE-2020-9590  

CVE-2020-9620  

CVE-2020-9621  

Out-of-Bounds Read  Information Disclosure    Important

CVE-2020-9622  

CVE-2020-9623  

CVE-2020-9624  

CVE-2020-9625  

CVE-2020-9626  

CVE-2020-9627  

CVE-2020-9628  

CVE-2020-9629  

Acknowledgments

Adobe would like to thank Mateusz Jurczyk from Google Project Zero for reporting these issues and for working with Adobe to help protect our customers.