CVE-2022-24099
First published: Fri May 06 2022(Updated: )
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Photoshop | <=22.5.6 | |
| Adobe Photoshop | >=23.0.0<=23.2.2 | |
| Apple macOS | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Adobe Photoshop vulnerability?
The vulnerability ID for this Adobe Photoshop vulnerability is CVE-2022-24099.
What versions of Adobe Photoshop are affected by this vulnerability?
Adobe Photoshop versions 22.5.6 and earlier, and 23.2.2 and earlier are affected by this vulnerability.
What is the severity rating of this vulnerability?
This vulnerability has a severity rating of 3.3 (medium).
What is the risk of exploitation for this vulnerability?
Exploitation of this vulnerability requires user interaction.
Is there a fix available for this vulnerability?
Yes, Adobe has released a security update to address this vulnerability. It is recommended to update to the latest version of Adobe Photoshop.
- collector/nvd-index
- vendor/adobe
- canonical/adobe photoshop
- version/adobe photoshop/22.5.6
- version/adobe photoshop/23.0.0
- version/adobe photoshop/23.2.2
- vendor/apple
- canonical/apple macos
- vendor/microsoft
- canonical/microsoft windows