{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27281", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2026-02-18T22:02:41.389Z", "datePublished": "2026-03-10T18:23:37.826Z", "dateUpdated": "2026-03-10T18:38:22.128Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "DNG SDK", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "1.7.1 2471", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2026-03-10T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "DNG SDK versions 1.7.1 2471 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "NONE", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "Integer Overflow or Wraparound (CWE-190)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-03-10T18:23:37.826Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/dng-sdk/apsb26-30.html"}], "source": {"discovery": "EXTERNAL"}, "title": "DNG SDK | Integer Overflow or Wraparound (CWE-190)"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T18:37:49.716083Z", "id": "CVE-2026-27281", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T18:38:22.128Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27281", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-10T18:37:49.716083Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T18:38:19.668Z"}}], "cna": {"title": "DNG SDK | Integer Overflow or Wraparound (CWE-190)", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "modifiedScope": "UNCHANGED", "temporalScore": 5.5, "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "temporalSeverity": "MEDIUM", "availabilityImpact": "HIGH", "environmentalScore": 5.5, "privilegesRequired": "NONE", "exploitCodeMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "LOCAL", "confidentialityImpact": "NONE", "environmentalSeverity": "MEDIUM", "availabilityRequirement": "NOT_DEFINED", "modifiedIntegrityImpact": "NONE", "modifiedUserInteraction": "REQUIRED", "modifiedAttackComplexity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAvailabilityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedConfidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Adobe", "product": "DNG SDK", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.7.1 2471"}], "defaultStatus": "affected"}], "datePublic": "2026-03-10T17:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/dng-sdk/apsb26-30.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "DNG SDK versions 1.7.1 2471 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "Integer Overflow or Wraparound (CWE-190)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-03-10T18:23:37.826Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27281", "state": "PUBLISHED", "dateUpdated": "2026-03-10T18:38:22.128Z", "dateReserved": "2026-02-18T22:02:41.389Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2026-03-10T18:23:37.826Z", "assignerShortName": "adobe"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:dng_software_development_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B1B1993-347B-46EB-9CC2-5614B6D9E85D", "versionEndIncluding": "1.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DNG SDK versions 1.7.1 2471 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}, {"lang": "es", "value": "Las versiones 1.7.1 2471 y anteriores del SDK de DNG se ven afectadas por una vulnerabilidad de desbordamiento de entero o ajuste que podr\u00eda provocar una denegaci\u00f3n de servicio de la aplicaci\u00f3n. Un atacante podr\u00eda explotar esta vulnerabilidad para provocar que la aplicaci\u00f3n falle o deje de responder. La explotaci\u00f3n de este problema requiere interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."}], "id": "CVE-2026-27281", "lastModified": "2026-03-12T17:08:22.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@adobe.com", "type": "Primary"}]}, "published": "2026-03-10T19:17:20.453", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/dng-sdk/apsb26-30.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "psirt@adobe.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.7.1 2471]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DNG SDK", "source": "cna", "vendor": "Adobe"}, "product": "dng_sdk", "vendor": "adobe"}], "analysis": {"en": {"generated_at": "2026-04-17T11:39:34.816958+00:00", "value": {"mitigation_remediation": ["Upgrade the Adobe DNG SDK to the latest version that incorporates the integer\u2011overflow fix, as posted in Adobe\u2019s security advisory.", "Implement strict input validation for DNG files, rejecting or bounding file sizes that exceed expected limits to prevent overflow conditions.", "If an upgrade cannot be performed immediately, isolate DNG processing in a sandbox or harden permissions so that a potential crash does not affect the broader application or system environment."], "summary": {"action": "Apply Patch", "impact": "Denial of Service via Integer Overflow"}, "threat_synthesis": {"affected_systems": "Adobe DNG SDK v1.7.1, build 2471 and all earlier releases are affected. Updating to newer releases that contain the fix removes the vulnerability.", "description_and_impact": "DNG SDK versions 1.7.1 2471 and earlier contain an integer overflow or wraparound flaw that allows an attacker to supply a specially crafted file, causing the program to crash or become unresponsive. The resulting denial-of-service condition can disrupt applications that rely on the SDK. The weakness is a classic input-size validation error (CWE-190).", "risk_and_exploitability": "The vulnerability carries a CVSS score of 5.5, indicating moderate severity. The EPSS score of less than 1% reflects a low probability of exploitation in the wild, and it is not listed in the CISA KEV catalog. Exploitation requires user interaction: a victim must open a malicious DNG file, so the attack vector is local, file-based input."}}}}, "created": "2026-03-11T11:43:58.755159+00:00", "updated": "2026-04-17T11:45:06.236867+00:00", "vendors": ["adobe", "adobe$PRODUCT$dng_sdk"]}