Two critical buffer overflow and out-of-bounds write vulnerabilities in Adobe Photoshop

Cybersecurity specialists report the detection of two vulnerabilities in Photoshop, the popular photo editing software developed by Adobe Systems Incorporated. According to the report, the successful exploitation of these flaws would allow the deployment of severe cyberattacks.

Below are brief descriptions of the flaws detected, along with their respective identifiers and the scores assigned according to the Common Vulnerability Scoring System (CVSS).

CVE-2021-36065: A boundary error in the affected software would allow affected users to pass specially crafted data to the application, trigger a heap-based buffer overflow, and execute arbitrary code.

The vulnerability received a CVSS score of 7.7/10 and its successful exploitation would allow the full compromise of the affected system.

CVE-2021-36066: A boundary error when processing unverified input in the affected software would allow remote threat actors to trigger an out-of-bounds write condition.

The vulnerability received a CVSS score of 7.7/10 and its successful exploitation would allow arbitrary code execution on the target system.

According to the report, these flaws reside in the following versions of Adobe Photoshop: 21.0.1, 21.0.2, 21.1, 21.1.1, 21.2, 21.2.1, 21.2.2, 21.2.3, 21.2.4, 21.2.5, 21.2.6, 21.2.7, 21.2.8, 21.2.9, 21.2.10, 22.1.0, 22.1.1, 22.2, 22.3, 22.3.1, 22.4, 22.4.1, 22.4.2 & 22.4.3.

While the vulnerabilities can be exploited by unauthenticated remote threat actors, no active exploitation attempts have been detected so far. Security patches are now available, so Photoshop users are encouraged to upgrade to secure versions of the software.
