Bulletin ID
Security updates available for Adobe Photoshop CC | APSB19-44
|  | Date Published | Priority | 
|---|---|---|
| APSB19-44 | August 13, 2019 | 3 | 
Summary
Affected Product Versions
| Product | Affected version | Platform | 
| Photoshop CC | 19.1.8 and earlier | Windows and macOS | 
| Photoshop CC | 20.0.5 and earlier | Windows and macOS | 
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app’s update mechanism. For more information, please reference this help page.
| Product | Updated versions | Platform | Priority | 
| Photoshop CC | 19.1.9 | Windows and macOS | 3 | 
| Photoshop CC | 20.0.6 | Windows and macOS | 3 | 
For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. Refer to this help page for more information.
Vulnerability details
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number | 
|---|---|---|---|
| Heap Overflow | Arbitrary code execution | Critical | CVE-2019-7978 CVE-2019-7980 CVE-2019-7985 CVE-2019-7990 CVE-2019-7993 | 
| Type Confusion | Arbitrary code execution | Critical | CVE-2019-7969 CVE-2019-7970 CVE-2019-7971 CVE-2019-7972 CVE-2019-7973 CVE-2019-7974 CVE-2019-7975 | 
| Out of Bound Read | Memory Leak | Important | CVE-2019-7977 CVE-2019-7981 CVE-2019-7987 CVE-2019-7991 CVE-2019-7995 CVE-2019-7996 CVE-2019-7999 CVE-2019-8000 
 | 
| Command Injection | Arbitrary code execution | Critical | CVE-2019-7968 CVE-2019-7989 | 
| Out of Bound Write | Arbitrary code execution | Critical | CVE-2019-7976 CVE-2019-7979 CVE-2019-7982 CVE-2019-7983 CVE-2019-7984 CVE-2019-7986 CVE-2019-7988 CVE-2019-7994 CVE-2019-7992 CVE-2019-7997 CVE-2019-7998 CVE-2019-8001 | 
Acknowledgments
Adobe would like to thank the following researchers for reporting these issues and for working with Adobe to help protect our customers:
- Steven Seeley working with Trend Micro Zero Day Initiative (CVE-2019-7976, CVE-2019-7977, CVE-2019-7978, CVE-2019-7979, CVE-2019-7980, CVE-2019-7981, CVE-2019-7982, CVE-2019-7983, CVE-2019-7984, CVE-2019-7985, CVE-2019-7986, CVE-2019-7987, CVE-2019-7988, CVE-2019-7989, CVE-2019-7994, CVE-2019-7995, CVE-2019-7996)
- Zhongcheng Li(CK01) of Topsec Alpha Team (CVE-2019-7968)
- Kushal Arvind Shah from Fortinet's FortiGuard Labs (CVE-2019-7990, CVE-2019-7991, CVE-2019-7992, CVE-2019-7993, CVE-2019-7997, CVE-2019-7998, CVE-2019-7999, CVE-2019-8000, CVE-2019-8001)
- Steven Seeley (mr_me) of Source Incite working with iDefense Labs (CVE-2019-7969, CVE-2019-7970, CVE-2019-7971, CVE-2019-7972, CVE-2019-7973, CVE-2019-7974, CVE-2019-7975)
Revisions
August 15, 2019: Updated vulnerability category for CVE-2019-7992, CVE-2019-7997, CVE-2019-7998, CVE-2019-8001.