CVE-2021-28549

Summary

Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected Software

VendorProductVersion RangeStatus
AdobePhotoshopunspecified <= 22.3affected
AdobePhotoshopunspecified <= 21.2.6affected
AdobePhotoshopunspecified <= Noneaffected

Weaknesses

  • CWE-120: Buffer Overflow (CWE-120)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References