Bulletin ID
Last updated on
Dec 9, 2025
Security update available for Adobe DNG Software Development Kit (SDK) | APSB25-118
|
|
Date Published |
Priority |
|
APSB25-118 |
December 9, 2025 |
3 |
Summary
Adobe has released an update for the Adobe DNG Software Development Kit (SDK) for Windows and macOS. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution and memory exposure, or application denial-of-service.
Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.
Affected Versions
|
Product |
Affected version |
Platform |
|
Adobe DNG Software Development Kit (SDK) |
DNG SDK 1.7.0 and earlier versions |
Windows |
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
|
Product |
Updated version |
Platform |
Priority rating |
Availability |
|
Adobe DNG Software Development Kit (SDK) |
DNG SDK 1.7.1 build 2140 |
Windows and macOS |
3 |
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Number |
|
|
Integer Overflow or Wraparound (CWE-190) |
Arbitrary Code Execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2025-64783 |
|
Heap-based Buffer Overflow (CWE-122) |
Memory exposure |
Critical |
7.1 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |
CVE-2025-64784 |
|
Out-of-bounds Read (CWE-125) |
Memory exposure |
Critical |
7.1 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |
CVE-2025-64893 |
|
Integer Overflow or Wraparound (CWE-190) |
Application denial-of-service |
Important |
5.5 |
|
CVE-2025-64894 |
Acknowledgments
Adobe would like to thank the following researchers for reporting these issue and for working with Adobe to help protect our customers:
- Brendon Tiszka of Google Project Zero - CVE-2025-64783
- Brendon Tiszka and Mateusz Jurczyk of Google Project Zero - CVE-2025-64784, CVE-2025-64893, CVE-2025-64894
NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.
