==================================================================== CERT-Renater Note d'Information No. 2020/VULN265 _____________________________________________________________________ DATE : 13/05/2020 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Adobe DNG Software Development Kit versions prior to 1.5.1. ===================================================================== https://helpx.adobe.com/security/products/dng-sdk/apsb20-26.html _____________________________________________________________________ Security update available for Adobe DNG Software Development Kit (SDK) | APSB20-26 Bulletin ID Date Published Priority APSB20-26 May 12, 2020 3   Summary Adobe has released an update for the Adobe DNG Software Development Kit (SDK) for Windows and macOS. This update resolves multiple critical Heap Overflow and important Out-of-Bounds Read vulnerabilities that could lead to Remote Code Execution and Information Disclosure, respectively. Affected versions Product Affected version Platform Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions      Windows Solution Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version: Product Updated version Platform Priority rating Availability Adobe DNG Software Development Kit (SDK) 1.5.1 Windows and macOS        3 Windows macOS Vulnerability Details Vulnerability Category      Vulnerability Impact      Severity   CVE Numbers       Heap Overflow Arbitrary Code Execution       Critical   CVE-2020-9589 CVE-2020-9590 CVE-2020-9620 CVE-2020-9621 Out-of-Bounds Read Information Disclosure Important CVE-2020-9622 CVE-2020-9623 CVE-2020-9624 CVE-2020-9625 CVE-2020-9626 CVE-2020-9627 CVE-2020-9628 CVE-2020-9629 Acknowledgments Adobe would like to thank Mateusz Jurczyk from Google Project Zero for reporting these issues and for working with Adobe to help protect our customers. ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================