First published: Fri Sep 16 2022(Updated: )
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Photoshop | >=22.0<=22.5.8 | |
Adobe Photoshop | >=23.0<=23.4.2 | |
Apple macOS | ||
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-38434 is high (7.8).
CVE-2022-38434 affects Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) with a Use After Free vulnerability that could lead to arbitrary code execution.
No, Apple macOS is not vulnerable to CVE-2022-38434.
No, Microsoft Windows is not vulnerable to CVE-2022-38434.
To fix CVE-2022-38434, users should update to Adobe Photoshop versions 22.6.1 or 23.4.3, which contain the necessary security patches.