Cai Content Credentials
Monthly
Denial-of-service in Adobe CAI Content Credentials (c2pa-web 0.7.1 and c2pa 0.80.1 and earlier) allows remote unauthenticated attackers to crash the application by triggering an integer overflow during C2PA content processing. With a CVSS of 7.5 (AV:N/AC:L/PR:N/UI:N) and no public exploit identified at time of analysis, the bug carries pure availability impact - no data exposure or code execution - but is trivially reachable by anyone who can feed input to the library.
Denial-of-service in Adobe's CAI Content Credentials SDK (c2pa-web 0.7.1 and c2pa 0.80.1 and earlier) allows remote unauthenticated attackers to crash the application by submitting malformed input that bypasses validation. The flaw carries a CVSS 7.5 rating driven entirely by availability impact, with no confidentiality or integrity consequences. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Uncontrolled resource consumption in Adobe CAI Content Credentials (c2pa-web@0.7.1 and c2pa-v0.80.1 and earlier) allows a local attacker without privileges to exhaust system resources, resulting in a denial-of-service condition. The vulnerability requires no user interaction, meaning it can be triggered programmatically by any process with local access to a system running the affected SDK. No public exploit code or CISA KEV listing has been identified at time of analysis.
Improper input validation in Adobe's CAI Content Credentials SDK (c2pa-web@0.7.1 and c2pa-v0.80.1 and earlier) permits a local attacker to crash the consuming application by supplying malformed input, resulting in a denial-of-service condition. No user interaction is required once the attacker can deliver crafted input to the locally running process. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog; however, the crash-based impact and low attack complexity make it straightforward to trigger.
Uncontrolled resource consumption in Adobe CAI Content Credentials SDK (c2pa-web@0.7.1 and c2pa-v0.80.1 and earlier) allows a local, unprivileged attacker to exhaust system resources and trigger an application-level denial-of-service condition. The CVSS vector confirms local attack vector with no privileges required and no user interaction, meaning any local process or user context capable of invoking the SDK can trigger the condition. No public exploit code or CISA KEV listing has been identified at time of analysis, and the availability impact is rated High with no confidentiality or integrity exposure.
Uncontrolled resource consumption in Adobe's CAI Content Credentials SDK (c2pa-web@0.7.1 and c2pa-v0.80.1 and earlier) allows a local, unprivileged attacker to exhaust system resources and crash the hosting application. The CVSS vector confirms local access is required, limiting exposure primarily to environments where untrusted users share process space with SDK-consuming applications, such as multi-tenant systems or services that process attacker-supplied C2PA credential data from disk or local input. No public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Path traversal in Adobe CAI Content Credentials SDK (c2pa-web@0.7.1 and c2pa-v0.80.1 and earlier) permits arbitrary file writes outside the intended extraction directory when a victim opens a maliciously crafted C2PA content credentials file. The CVSS vector confirms a local attack surface (AV:L) with high integrity impact (I:H) and no confidentiality or availability impact, meaning an attacker's primary capability is unauthorized file placement on the target filesystem. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis.
Denial-of-service in Adobe CAI Content Credentials (c2pa-web 0.7.1 and c2pa 0.80.1 and earlier) allows remote unauthenticated attackers to exhaust system resources and crash the application by triggering uncontrolled resource consumption during C2PA content processing. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS 7.5 score reflects easy network-based exploitation with no user interaction required. Affected deployments are those embedding Adobe's Content Authenticity SDK for verifying or generating C2PA provenance manifests on web-facing services.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Denial-of-service in Adobe CAI Content Credentials (c2pa-web 0.7.1 and c2pa 0.80.1 and earlier) allows remote unauthenticated attackers to crash the application by triggering an integer overflow during C2PA content processing. With a CVSS of 7.5 (AV:N/AC:L/PR:N/UI:N) and no public exploit identified at time of analysis, the bug carries pure availability impact - no data exposure or code execution - but is trivially reachable by anyone who can feed input to the library.
Denial-of-service in Adobe's CAI Content Credentials SDK (c2pa-web 0.7.1 and c2pa 0.80.1 and earlier) allows remote unauthenticated attackers to crash the application by submitting malformed input that bypasses validation. The flaw carries a CVSS 7.5 rating driven entirely by availability impact, with no confidentiality or integrity consequences. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Uncontrolled resource consumption in Adobe CAI Content Credentials (c2pa-web@0.7.1 and c2pa-v0.80.1 and earlier) allows a local attacker without privileges to exhaust system resources, resulting in a denial-of-service condition. The vulnerability requires no user interaction, meaning it can be triggered programmatically by any process with local access to a system running the affected SDK. No public exploit code or CISA KEV listing has been identified at time of analysis.
Improper input validation in Adobe's CAI Content Credentials SDK (c2pa-web@0.7.1 and c2pa-v0.80.1 and earlier) permits a local attacker to crash the consuming application by supplying malformed input, resulting in a denial-of-service condition. No user interaction is required once the attacker can deliver crafted input to the locally running process. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog; however, the crash-based impact and low attack complexity make it straightforward to trigger.
Uncontrolled resource consumption in Adobe CAI Content Credentials SDK (c2pa-web@0.7.1 and c2pa-v0.80.1 and earlier) allows a local, unprivileged attacker to exhaust system resources and trigger an application-level denial-of-service condition. The CVSS vector confirms local attack vector with no privileges required and no user interaction, meaning any local process or user context capable of invoking the SDK can trigger the condition. No public exploit code or CISA KEV listing has been identified at time of analysis, and the availability impact is rated High with no confidentiality or integrity exposure.
Uncontrolled resource consumption in Adobe's CAI Content Credentials SDK (c2pa-web@0.7.1 and c2pa-v0.80.1 and earlier) allows a local, unprivileged attacker to exhaust system resources and crash the hosting application. The CVSS vector confirms local access is required, limiting exposure primarily to environments where untrusted users share process space with SDK-consuming applications, such as multi-tenant systems or services that process attacker-supplied C2PA credential data from disk or local input. No public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Path traversal in Adobe CAI Content Credentials SDK (c2pa-web@0.7.1 and c2pa-v0.80.1 and earlier) permits arbitrary file writes outside the intended extraction directory when a victim opens a maliciously crafted C2PA content credentials file. The CVSS vector confirms a local attack surface (AV:L) with high integrity impact (I:H) and no confidentiality or availability impact, meaning an attacker's primary capability is unauthorized file placement on the target filesystem. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis.
Denial-of-service in Adobe CAI Content Credentials (c2pa-web 0.7.1 and c2pa 0.80.1 and earlier) allows remote unauthenticated attackers to exhaust system resources and crash the application by triggering uncontrolled resource consumption during C2PA content processing. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS 7.5 score reflects easy network-based exploitation with no user interaction required. Affected deployments are those embedding Adobe's Content Authenticity SDK for verifying or generating C2PA provenance manifests on web-facing services.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.