Adobe Photoshop CC up to 19.1.7/20.0.2 Heap-based memory corruption

A vulnerability was found in Adobe Photoshop CC up to 19.1.7/20.0.2. It has been rated as critical. Affected by this issue is some processing. The manipulation with an unknown input leads to a memory corruption vulnerability (Heap-based). Using CWE to declare the problem leads to CWE-122. Impacted is confidentiality, integrity, and availability.

The weakness was presented 03/12/2019 as APSB19-15 as confirmed security bulletin (Website). The advisory is available at helpx.adobe.com. This vulnerability is handled as CVE-2019-7094 since 01/28/2019. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 05/25/2019).

Upgrading to version 19.1.8 or 20.0.4 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Vendor

Name

VulDB Meta Base Score: 5.5
VulDB Meta Temp Score: 5.3

VulDB Base Score: ≈5.5
VulDB Temp Score: ≈5.3
VulDB Vector: ?
VulDB Reliability: ?

VulDB Base Score: ?
VulDB Temp Score: ?
VulDB Reliability: ?
Class: Memory corruption / Heap-based (CWE-122)
Local: Yes
Remote: No

Availability: ?
Status: Not defined

Current Price Estimation: ?

Price Prediction: ?

Threat Intelligenceinfoedit

Threat: ?
Adversaries: ?
Geopolitics: ?
Economy: ?
Predictions: ?
Remediation: ?Recommended: Upgrade
Status: ?

Reaction Time: ?
0-Day Time: ?
Exposure Time: ?

Upgrade: Photoshop CC 19.1.8/20.0.4

01/28/2019 CVE assigned
03/12/2019 +43 days Advisory disclosed
03/12/2019 +0 days Countermeasure disclosed
05/25/2019 +74 days VulDB entry created
05/25/2019 +0 days VulDB last updateVendor: adobe.com

Advisory: APSB19-15
Status: Confirmed

CVE: CVE-2019-7094 (?)

Created: 05/25/2019 02:46 PM
Complete: ?

Comments are closed.