CVE-2022-28271: Adobe Photoshop PDF File Parsing Use-After-Free Remote Code Execution Vulnerability
First published: Tue Apr 12 2022(Updated: )
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Photoshop | <=22.5.6 | |
| Adobe Photoshop | >=23.0.0<=23.2.2 | |
| Apple macOS | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-28271?
CVE-2022-28271 is a use-after-free vulnerability in Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) that could lead to arbitrary code execution.
How does CVE-2022-28271 affect Adobe Photoshop?
CVE-2022-28271 affects Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) by allowing arbitrary code execution in the context of the current user.
What software versions are affected by CVE-2022-28271?
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by CVE-2022-28271.
How can CVE-2022-28271 be exploited?
Exploiting CVE-2022-28271 requires user interaction, specifically opening a malicious PDF file.
What is the severity of CVE-2022-28271?
CVE-2022-28271 has a severity rating of 7.8 (critical).
Is Apple macOS and Microsoft Windows affected by CVE-2022-28271?
No, Apple macOS and Microsoft Windows are not affected by CVE-2022-28271.
How to fix CVE-2022-28271?
To fix CVE-2022-28271, it is recommended to update Adobe Photoshop to a version that is not affected by the vulnerability.
Where can I find more information about CVE-2022-28271?
You can find more information about CVE-2022-28271 on Adobe's security advisory page: https://helpx.adobe.com/security/products/photoshop/apsb22-20.html
What is the Common Weakness Enumeration (CWE) ID for CVE-2022-28271?
The Common Weakness Enumeration (CWE) ID for CVE-2022-28271 is 416.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/event
- agent/description
- vendor/adobe
- canonical/adobe photoshop
- version/adobe photoshop/22.5.6
- version/adobe photoshop/23.0.0
- version/adobe photoshop/23.2.2
- vendor/apple
- canonical/apple macos
- vendor/microsoft
- canonical/microsoft windows