Bulletin ID
Security update available for Adobe DNG Software Development Kit (SDK) | APSB20-26
|
Date Published |
Priority |
APSB20-26 |
May 12, 2020 |
3 |
Summary
Adobe has released an update for the Adobe DNG Software Development Kit (SDK) for Windows and macOS. This update resolves multiple critical Heap Overflow and important Out-of-Bounds Read vulnerabilities that could lead to Remote Code Execution and Information Disclosure, respectively.
Affected versions
Product |
Affected version |
Platform |
Adobe DNG Software Development Kit (SDK) |
1.5 and earlier versions |
Windows |
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
Vulnerability Details
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Numbers |
Heap Overflow |
Arbitrary Code Execution |
Critical |
CVE-2020-9589 CVE-2020-9590 CVE-2020-9620 CVE-2020-9621 |
Out-of-Bounds Read |
Information Disclosure |
Important |
CVE-2020-9622 CVE-2020-9623 CVE-2020-9624 CVE-2020-9625 CVE-2020-9626 CVE-2020-9627 CVE-2020-9628 CVE-2020-9629 |
Acknowledgments
Adobe would like to thank Mateusz Jurczyk from Google Project Zero for reporting these issues and for working with Adobe to help protect our customers.