Adobe Security Bulletin

Security update available for Adobe DNG Software Development Kit (SDK) | APSB20-26

Bulletin ID	Date Published	Priority
APSB20-26	May 12, 2020	3

Adobe has released an update for the Adobe DNG Software Development Kit (SDK) for Windows and macOS. This update resolves multiple critical Heap Overflow and important Out-of-Bounds Read vulnerabilities that could lead to Remote Code Execution and Information Disclosure, respectively.

Product	Affected version	Platform
Adobe DNG Software Development Kit (SDK)	1.5 and earlier versions	Windows

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:

Product	Updated version	Platform	Priority rating	Availability
Adobe DNG Software Development Kit (SDK)	1.5.1	Windows and macOS	3	Windows macOS

Product

Updated version

Platform

Priority rating

Availability

Adobe DNG Software Development Kit (SDK)

1.5.1

Windows and macOS       

Windows

macOS

Vulnerability Category     

Vulnerability Impact     

Severity  

CVE Numbers     

Heap Overflow

Arbitrary Code Execution      

Critical  

CVE-2020-9589

CVE-2020-9590

CVE-2020-9620

CVE-2020-9621

Out-of-Bounds Read

Information Disclosure

Important

CVE-2020-9622

CVE-2020-9623

CVE-2020-9624

CVE-2020-9625

CVE-2020-9626

CVE-2020-9627

CVE-2020-9628

CVE-2020-9629

Adobe would like to thank Mateusz Jurczyk from Google Project Zero for reporting these issues and for working with Adobe to help protect our customers.

Adobe Security Bulletin

Summary

Affected versions

Solution

Vulnerability Details

Acknowledgments

Spýtajte sa komunity

Kontaktujte nás