Photoshop
Sign in to watchby Adobe Inc.
CVEs (64)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-11304 | Cri | 0.64 | 9.8 | 0.03 | Dec 9, 2017 | An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution. | |
| CVE-2017-11303 | Cri | 0.64 | 9.8 | 0.04 | Dec 9, 2017 | An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | |
| CVE-2026-27289 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2011-2131 | 0.07 | — | 0.50 | Aug 11, 2011 | Adobe Photoshop 12.0 in Creative Suite 5 (CS5) and 12.1 in Creative Suite 5.1 (CS5.1) allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GIF file. | ||
| CVE-2008-1765 | 0.06 | — | 0.38 | Apr 23, 2008 | Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and possibly After Effects CS3, allows user-assisted remote attackers and physically proximate attackers to execute arbitrary code via a BMP file with an invalid image header. NOTE: the related issue in Photoshop CS3 is already covered by CVE-2007-2244. | ||
| CVE-2007-2365 | 0.06 | — | 0.39 | Apr 30, 2007 | Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. | ||
| CVE-2012-2027 | 0.05 | — | 0.29 | May 9, 2012 | Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a crafted TIFF (aka .TIF) file. | ||
| CVE-2007-2244 | 0.05 | — | 0.22 | Apr 25, 2007 | Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file. | ||
| CVE-2010-3127 | 0.03 | — | 0.05 | Aug 26, 2010 | Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop. NOTE: some of these details are obtained from third party information. | ||
| CVE-2022-28271 | 0.01 | — | 0.11 | May 6, 2022 | Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. | ||
| CVE-2022-23203 | 0.01 | — | 0.19 | Feb 16, 2022 | Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) are affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Photoshop. | ||
| CVE-2021-40709 | 0.01 | — | 0.07 | Sep 27, 2021 | Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted SVG file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||
| CVE-2021-36065 | 0.01 | — | 0.07 | Sep 1, 2021 | Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by a heap-based buffer overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||
| CVE-2021-36005 | 0.01 | — | 0.08 | Aug 20, 2021 | Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted PSD file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PSD file in Photoshop. | ||
| CVE-2021-21047 | 0.01 | — | 0.08 | Feb 11, 2021 | Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||
| CVE-2021-21006 | 0.01 | — | 0.12 | Jan 13, 2021 | Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file. Successful exploitation could lead to arbitrary code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||
| CVE-2012-2028 | 0.01 | — | 0.17 | May 9, 2012 | Buffer overflow in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2023-25908 | 0.00 | — | 0.00 | Mar 27, 2023 | Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||
| CVE-2023-21577 | 0.00 | — | 0.00 | Feb 17, 2023 | Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||
| CVE-2023-21575 | 0.00 | — | 0.00 | Feb 17, 2023 | Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |