Cybersecurity specialists report the detection of two severe vulnerabilities in Adobe Photoshop, one of the most popular image editing tools in the world. According to the report, the successful exploitation of these flaws would allow the deployment of buffer overflow conditions or the misapplication of security restrictions.

Below is a brief summary of the reported flaws, in addition to their respective identification keys and scores according to the Common Vulnerability Scoring System (CVSS).

CVE-2021-28582: This flaw exists due to a limit error that remote threat actors can exploit to create a specially crafted file, trick the victim into opening it, trigger a heap-based buffer overflow, and execute arbitrary code on the compromised system.

According to cybersecurity experts, this flaw received a CVSS score of 7.7/10 and its successful exploitation could result in the total compromise of the target system.

CVE-2021-28624: Moreover, this flaw exists due to a limit error while processing Photoshop files. Remote hackers can create a specially crafted file and trick the victim into opening it, causing severe memory corruption and gaining the ability to execute arbitrary code.

Like the previous report, this vulnerability received a CVSS score of 7.7/10 and its exploitation would allow to take full control of the affected system.

According to the report, these flaws reside in the following versions of Adobe Photoshop: 20.0, 20.0.1, 20.0.2, 20.0.3, 20.0.4, 20.0.5, 20.0.6, 20.0.7, 20.0.8, 20.0.8.5, 20.0.9, 20.0.10, 21.0.1, 21.0.2, 21.1, 21.1.1, 21.2, 21.2.1, 21.2.2, 21.2.3, 21.2.4, 21.2.5, 21.2.6, 21.2.7, 21.2.8, 22.1.0, 22.1.1, 22.2, 22.3, 22.3.1, 22.4 and 22.4.1.

As mentioned, flaws can be exploited by unauthenticated remote threat actors, although it is worth mentioning that Adobe has not detected active exploit attempts or the existence of a malware variant associated with an attack. Security patches to address these vulnerabilities are now available, so Photoshop users are encouraged to update as soon as possible.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Critical remote code execution & buffer overflow vulnerabilities in Adobe Photoshop. Patch now appeared first on Information Security Newspaper | Hacking News.

You May Also Like

2 critical vulnerabilities in Fortinet’s FortiWeb web application firewall can give cyber criminals access to your applications

Cybersecurity experts report the discovery of a critical vulnerability in FortiWeb, the…

Anyone can bypass the Google and AWS Web Application Firewall (WAF) with an 8 KB POST request

Most web applications today must be protected against multiple hacking variants, such…

Critical vulnerability in Bluetooth Low Energy (BLE) allows easily hacking Tesla cars, smart locks and millions of devices that use this Bluetooth technology

Specialists from the security firm NCC Group developed a tool capable of…

Chinese researchers find multiple vulnerabilities in VMware ESXi, Workstation and Fusion; update ASAP

Earlier this week, VMware announced the correction of multiple critical vulnerabilities in…