Skip to main content

Dng Sdk CVE-2026-27258

| EUVDEUVD-2026-22434 MEDIUM
Out-of-bounds Write (CWE-787)
2026-04-14 adobe GHSA-85g7-96qr-w5x4
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Apr 14, 2026 - 19:43 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22434
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
CVE Published
Apr 14, 2026 - 17:03 nvd
MEDIUM 5.5

DescriptionCVE.org

DNG SDK versions 1.7.1 2502 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to corrupt memory, causing the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AnalysisAI

Out-of-bounds write in Adobe DNG SDK 1.7.1 2502 and earlier causes application denial-of-service through memory corruption when processing malicious DNG files. The vulnerability requires user interaction (opening a crafted file) and affects local attackers on systems where DNG SDK is deployed; no public exploit code or active exploitation has been confirmed at time of analysis.

Technical ContextAI

DNG SDK is Adobe's Digital Negative format library used for processing RAW image files. The vulnerability (CWE-787: Out-of-bounds Write) occurs in memory management routines that parse DNG file structures. When a specially crafted DNG file is processed, inadequate bounds checking allows an attacker to write data beyond allocated buffer boundaries, corrupting adjacent memory regions. This memory corruption directly impacts application availability by triggering crashes or hangs. The local attack vector and requirement for user interaction (opening the malicious file) limit the exposure model compared to remote vulnerabilities, but the out-of-bounds write class remains a serious memory safety issue.

RemediationAI

Update Adobe DNG SDK to version 1.7.2 or later; consult the official Adobe security advisory APSB26-41 at https://helpx.adobe.com/security/products/dng-sdk/apsb26-41.html for exact patched release availability and download instructions. For applications embedding DNG SDK, coordinate dependency updates with software release cycles to ensure patched versions are deployed. Until patching is complete, restrict opening of DNG files from untrusted sources and implement file type validation on input. No vendor-documented workarounds are available; patching is the primary remediation path.

Share

CVE-2026-27258 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy