CVE-2021-40709 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2021-40709

Analyzed

More Info Official Page

Source-psirt@adobe.com

Published At-27 Sep, 2021 | 16:15

Updated At-01 Oct, 2021 | 12:50

Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted SVG file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C

Type: Primary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 9.3

Base severity: HIGH

Vector:

AV:N/AC:M/Au:N/C:C/I:C/A:C

CPE Matches

>>macos>>-

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Microsoft Corporation

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

>>photoshop_2020>>Versions up to 21.2.11(inclusive)

cpe:2.3:a:adobe:photoshop_2020:*:*:*:*:*:*:*:*

>>photoshop_2021>>Versions up to 22.5(inclusive)

cpe:2.3:a:adobe:photoshop_2021:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-120	Primary	psirt@adobe.com

CWE ID: CWE-120

Type: Primary

Source: psirt@adobe.com

References

Hyperlink	Source	Resource
https://helpx.adobe.com/security/products/photoshop/apsb21-84.html	psirt@adobe.com	Vendor Advisory

Hyperlink: https://helpx.adobe.com/security/products/photoshop/apsb21-84.html

Source: psirt@adobe.com

Resource:

Vendor Advisory