Dng Software Development Kit
CVE-2026-21355
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Out-of-bounds memory read in DNG SDK 1.7.1 (2410) and earlier enables attackers to extract sensitive information from process memory when a user opens a specially crafted file. The vulnerability requires local user interaction but poses a direct confidentiality risk to applications processing untrusted DNG image files. No patch is currently available for affected versions.
Technical ContextAI
Classified as CWE-125 (Out-of-bounds Read). Affects Dng Software Development Kit. DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RemediationAI
Monitor vendor advisories for a patch.
More in Dng Software Development Kit
View allAdobe DNG Software Development Kit (SDK) before 1.4 2016 allows attackers to execute arbitrary code or cause a denial of
Arbitrary code execution in DNG SDK 1.7.1 build 2410 and earlier via out-of-bounds write when processing malicious DNG f
Arbitrary code execution in DNG SDK 1.7.1 2410 and earlier stems from an integer overflow vulnerability that executes wi
Arbitrary code execution in DNG SDK 1.7.1 2471 and earlier via an out-of-bounds write vulnerability that executes with u
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Rated high s
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Rated high s
Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Rated high s
DNG SDK 1.7.1 (build 2410) and earlier contain an integer overflow vulnerability that causes application denial-of-servi
DNG SDK versions 1.7.1 and earlier contain an integer overflow vulnerability that allows local attackers to crash affect
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today