Summary
| Detail | |||
|---|---|---|---|
| Vendor | Adobe | First view | 2005-06-13 |
| Product | Photoshop | Last view | 2023-11-16 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.5 | 2023-11-16 | CVE-2023-44335 | Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2023-11-16 | CVE-2023-44334 | Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2023-11-16 | CVE-2023-44333 | Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2023-11-16 | CVE-2023-44332 | Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2023-11-16 | CVE-2023-44331 | Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2023-11-16 | CVE-2023-44330 | Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2023-09-07 | CVE-2021-43018 | Adobe Photoshop versions 23.0.2 and 22.5.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPG file. |
| 5.5 | 2023-09-07 | CVE-2021-42734 | Adobe Photoshop version 22.5.1 ?and earlier?versions???are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2023-03-27 | CVE-2023-25908 | Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2023-02-17 | CVE-2023-21578 | Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2023-02-17 | CVE-2023-21577 | Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2023-02-17 | CVE-2023-21576 | Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2023-02-17 | CVE-2023-21575 | Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2023-02-17 | CVE-2023-21574 | Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2022-09-16 | CVE-2022-38434 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2022-09-16 | CVE-2022-38433 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.sue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2022-09-16 | CVE-2022-38432 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2022-09-16 | CVE-2022-38431 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2022-09-16 | CVE-2022-38430 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2022-09-16 | CVE-2022-38429 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2022-09-16 | CVE-2022-38428 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2022-09-16 | CVE-2022-38427 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2022-09-16 | CVE-2022-38426 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 7.8 | 2022-09-16 | CVE-2022-35713 | Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 5.5 | 2022-07-15 | CVE-2022-34244 | Adobe Photoshop versions 22.5.7 (and earlier) and 23.3.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 35% (24) | CWE-787 | Out-of-bounds Write |
| 26% (18) | CWE-125 | Out-of-bounds Read |
| 10% (7) | CWE-416 | Use After Free |
| 8% (6) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 5% (4) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 2% (2) | CWE-20 | Improper Input Validation |
| 1% (1) | CWE-788 | Access of Memory Location After End of Buffer |
| 1% (1) | CWE-665 | Improper Initialization |
| 1% (1) | CWE-427 | Uncontrolled Search Path Element |
| 1% (1) | CWE-399 | Resource Management Errors |
| 1% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 1% (1) | CWE-122 | Heap-based Buffer Overflow |
| 1% (1) | CWE-121 | Stack-based Buffer Overflow |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:6778 | Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 |
| oval:org.mitre.oval:def:25564 | Multiple unspecified vulnerabilities in Adobe Photoshop before 12.0.4 |
| oval:org.mitre.oval:def:26441 | Adobe Photoshop allows remote attackers to execute arbitrary code or cause a ... |
| oval:org.mitre.oval:def:26178 | Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 and CS... |
| oval:org.mitre.oval:def:26271 | Buffer overflow in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x be... |
SAINT Exploits
| Description | Link |
|---|---|
| Adobe Photoshop PNG file handling buffer overflow | More info here |
| Adobe Photoshop Album Starter Edition BMP image header buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 74422 | Adobe Photoshop GIF Handling Memory Corruption |
| 72185 | Adobe Photoshop Multiple Unspecified Issues |
| 67545 | Adobe Photoshop Path Subversion Arbitrary DLL Injection Code Execution |
| 44579 | Adobe Multiple Products Crafted BMP File Handling Overflow |
| 38066 | Adobe Multiple Products RLE File Handling Arbitrary Code Execution |
| 38065 | Adobe Multiple Products DIB File Handling Arbitrary Code Execution |
| 38064 | Adobe Multiple Products BMP File Handling Arbitrary Code Execution |
| 38063 | Adobe Multiple Products PNG File Handling Arbitrary Code Execution |
| 35465 | Adobe Multiple Products PNG File Handling Overflow |
| 35370 | Adobe Photoshop Document Handling Overflow |
| 22908 | Adobe Multiple Products Permission Weakness Privilege Escalation |
| 17283 | Adobe License Management Service Unspecified Privilege Escalation |
ExploitDB Exploits
| id | Description |
|---|---|
| 17712 | Adobe Photoshop CS5 GIF Remote Code Execution |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-05-16 | Name : Adobe Photoshop BOF and Use After Free Vulnerabilities (Mac OS X) File : nvt/gb_adobe_photoshop_bof_n_use_after_free_vuln_macosx.nasl |
| 2012-05-15 | Name : Adobe Photoshop BOF and Use After Free Vulnerabilities (Windows) File : nvt/gb_adobe_photoshop_bof_n_use_after_free_vuln_win.nasl |
| 2011-08-29 | Name : Adobe Photoshop '.GIF' File Processing Memory Corruption Vulnerability File : nvt/secpod_adobe_photoshop_gif_mem_corruption_vuln.nasl |
| 2011-06-02 | Name : Adobe Photoshop Multiple Vulnerabilities File : nvt/secpod_adobe_photoshop_mult_vuln.nasl |
| 2010-09-01 | Name : Adobe Photoshop Insecure Library Loading Vulnerability File : nvt/secpod_adobe_photoshop_insecure_lib_load_vuln.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-09-12 | Adobe Photoshop CS5 gif file heap corruption attempt RuleID : 50961 - Type : FILE-IMAGE - Revision : 1 |
| 2019-09-12 | Adobe Photoshop CS5 gif file heap corruption attempt RuleID : 50960 - Type : FILE-IMAGE - Revision : 1 |
| 2019-05-30 | Adobe Photoshop CS5 gif file heap corruption attempt RuleID : 49963 - Type : FILE-IMAGE - Revision : 1 |
| 2019-05-30 | Adobe Photoshop CS5 gif file heap corruption attempt RuleID : 49962 - Type : FILE-IMAGE - Revision : 1 |
| 2015-03-31 | Adobe Photoshop CS5 gif file heap corruption attempt RuleID : 33615 - Type : FILE-IMAGE - Revision : 4 |
| 2015-03-31 | Adobe Photoshop CS4 TIFF parsing heap overflow attempt RuleID : 33591 - Type : FILE-IMAGE - Revision : 2 |
| 2015-03-31 | Adobe Photoshop CS4 TIFF parsing heap overflow attempt RuleID : 33590 - Type : FILE-IMAGE - Revision : 3 |
| 2015-03-31 | Adobe Photoshop CS4 TIFF parsing heap overflow attempt RuleID : 33589 - Type : FILE-IMAGE - Revision : 3 |
| 2014-01-10 | Adobe Photoshop CS4 TIFF parsing heap overflow attempt RuleID : 21948 - Type : FILE-IMAGE - Revision : 9 |
| 2014-01-10 | Adobe Photoshop CS5 gif file heap corruption attempt RuleID : 20637 - Type : FILE-IMAGE - Revision : 14 |
| 2014-01-10 | Adobe Photoshop CS5 gif file heap corruption attempt RuleID : 20636 - Type : FILE-IMAGE - Revision : 14 |
| 2014-01-10 | Multiple products dwmapi.dll dll-load exploit attempt RuleID : 19620 - Type : FILE-OTHER - Revision : 13 |
| 2014-01-10 | Multiple products request for dwmapi.dll over SMB attempt RuleID : 19618 - Type : FILE-OTHER - Revision : 13 |
| 2014-01-10 | Adobe Photoshop request for wintab32.dll over SMB attempt RuleID : 18489 - Type : FILE-OTHER - Revision : 11 |
| 2014-01-10 | Adobe Photoshop wintab32.dll dll-load exploit attempt RuleID : 18488 - Type : FILE-OTHER - Revision : 11 |
| 2014-01-10 | Adobe multiple products dwmapi.dll dll-load exploit attempt RuleID : 18330 - Type : NETBIOS - Revision : 4 |
| 2014-01-10 | Adobe multiple products dwmapi.dll dll-load exploit attempt RuleID : 18328 - Type : WEB-CLIENT - Revision : 4 |
| 2014-01-10 | Adobe BMP image handler buffer overflow attempt RuleID : 17678 - Type : FILE-IMAGE - Revision : 9 |
| 2014-01-10 | BMP image handler buffer overflow attempt RuleID : 13865 - Type : FILE-IMAGE - Revision : 18 |
| 2014-01-10 | Adobe Photoshop PNG file handling stack buffer overflow attempt RuleID : 11267 - Type : FILE-IMAGE - Revision : 15 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-11-16 | Name: The remote host has an application installed that is affected by multiple vul... File: adobe_photoshop_apsb17-34.nasl - Type: ACT_GATHER_INFO |
| 2017-11-16 | Name: The remote host has an application installed that is affected by multiple vul... File: macosx_adobe_photoshop_apsb17-34.nasl - Type: ACT_GATHER_INFO |
| 2012-05-17 | Name: The remote host has an application installed that is affected by multiple arb... File: adobe_photoshop_apsb12-11.nasl - Type: ACT_GATHER_INFO |
| 2011-08-11 | Name: The remote Windows host has an application that is affected by a memory corru... File: adobe_photoshop_apsb11-22.nasl - Type: ACT_GATHER_INFO |
| 2011-05-03 | Name: The remote Windows host has an application that is affected by multiple unspe... File: adobe_photoshop_12_0_4.nasl - Type: ACT_GATHER_INFO |
| 2010-12-15 | Name: The remote Windows host has an application that is affected by unspecified vu... File: adobe_photoshop_12_0_2.nasl - Type: ACT_GATHER_INFO |
