CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39825 – Adobe Photoshop Elements Edit 2021 TTF Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-39825
Photoshop Elements versions 2021 build 19.0 (20210304.m.156367) (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious TTF file. Photoshop Elements versiones 2021 build 19.0 (20210304.m.156367) (y anteriores), están afectadas por una vulnerabilidad de escritura fuera de límites que podría resultar en una ejecución de código arbitrario en el contexto del usuario actual. Es requerida una interacción del usuario para explotar este problema, ya que la víctima debe abrir un archivo TTF malicioso • https://helpx.adobe.com/security/products/photoshop_elements/apsb21-77.html • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 4%CPEs: 3EXPL: 3CVE-2011-2443 – Adobe Photoshop Elements 8.0 - Multiple Arbitrary Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-2443
Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted (1) .grd or (2) .abr file, a related issue to CVE-2010-1296. Múltiples desbordamientos de búfer en Adobe Photoshop Elements v8.0 y anteriores permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de un fichero modificado (1) .grd o (2) .abr archivo, un tema relacionado con CVE-2010-1296. Adobe Photoshop Elements 8 suffers from a buffer overflow vulnerability when dealing with .ABR (brushes) and .GRD (gradients) format files. The application fails to sanitize the user input resulting in a memory corruption, overwriting several memory registers which can aid the attacker to gain the power of executing arbitrary code on the affected system or denial of service scenario. • https://www.exploit-db.com/exploits/17918 http://securityreason.com/securityalert/8410 http://www.adobe.com/support/security/advisories/apsa11-03.html http://www.exploit-db.com/exploits/17918 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5049.php • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •