PT-2022-6385 · Adobe · Photoshop

Published

2022-10-28

Updated

2023-02-24

CVE-2023-21574

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Adobe Photoshop versions 23.5.3 and earlier, 24.1 and earlier

Description The issue is related to insufficient input validation, which could allow an attacker to execute arbitrary code in the context of the current user. Exploitation requires user interaction, where a victim must open a malicious file.

Recommendations For versions 23.5.3 and earlier, and 24.1 and earlier, update to a version that includes a fix for the improper input validation vulnerability to prevent arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2023-01131

CVE-2023-21574

ZDI-23-149

Affected Products

Photoshop

PT-2022-6385 · Adobe · Photoshop

CVE-2023-21574

Weakness Enumeration

Related Identifiers

Affected Products

References · 8