Bulletin ID
Last updated on
Jun 16, 2026
Security update available for Adobe DNG Software Development Kit (SDK) | APSB26-67
|
|
Date Published |
Priority |
|
APSB26-67 |
June 16, 2026 |
3 |
Summary
Adobe has released an update for the Adobe DNG Software Development Kit (SDK) for Windows and macOS. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution and memory exposure.
Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.
Affected Versions
|
Product |
Affected version |
Platform |
|
Adobe DNG Software Development Kit (SDK) |
DNG SDK 1.7.1 build 2536 and earlier |
All |
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
|
Product |
Updated version |
Platform |
Priority rating |
Availability |
|
Adobe DNG Software Development Kit (SDK) |
DNG SDK 1.7.1 build 2611 |
All |
3 |
Vulnerability Details
| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Number |
| Heap-based Buffer Overflow (CWE-122) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2026-47964 |
| Out-of-bounds Read (CWE-125) | Memory exposure | Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | CVE-2026-47934 |
| Out-of-bounds Read (CWE-125) | Memory exposure | Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | CVE-2026-47927 |
| Out-of-bounds Read (CWE-125) | Memory exposure | Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | CVE-2026-47963 |
Acknowledgments
Adobe would like to thank the following researchers for reporting these issue and for working with Adobe to help protect our customers:
- Brendon Tiszka and Mateusz Jurczyk of Google Project Zero - CVE-2026-47934, CVE-2026-47927, CVE-2026-47963, CVE-2026-47964
NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.
Revisions
- February 17, 2026: Corrected solution version
