VDB
CISA-2025-64784
CISA-2025-64784
PUBLISHED
CVSS 7.1 HIGH
Reported by adobe · Published December 9, 2025
DNG SDK versions 1.7.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive memory information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Risk Scores
CVSS 3.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | DNG SDK | 0 |
| Adobe | DNG SDK | 0, 0 |
Timeline
- Dec 9, 2025 CVE Published
- Dec 9, 2025 CVE Updated