CVE-2023-21578
First published: Fri Feb 17 2023(Updated: )
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Photoshop | >=23.0.0<23.5.4 | |
| Adobe Photoshop | >=24.0.0<24.1.1 | |
| Apple macOS | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-21578?
The severity of CVE-2023-21578 is medium with a severity value of 5.5.
How does CVE-2023-21578 affect Adobe Photoshop?
CVE-2023-21578 affects Adobe Photoshop versions 23.5.3 (and earlier) and 24.1 (and earlier).
What is the vulnerability in CVE-2023-21578?
CVE-2023-21578 is an out-of-bounds read vulnerability in Adobe Photoshop.
What can an attacker do with CVE-2023-21578?
An attacker could exploit CVE-2023-21578 to disclose sensitive memory and bypass mitigations such as ASLR.
How can I fix CVE-2023-21578?
To fix CVE-2023-21578, update Adobe Photoshop to version 23.5.4 (or later) for versions 23.x and 24.1.1 (or later) for versions 24.x.
- collector/nvd-index
- agent/references
- agent/type
- vendor/adobe
- canonical/adobe photoshop
- version/adobe photoshop/23.0.0
- version/adobe photoshop/24.0.0
- vendor/apple
- canonical/apple macos
- vendor/microsoft
- canonical/microsoft windows