Back to overview

CVE-2026-48267

MEDIUM
5.5
CVSS 3.1
Description
DNG SDK versions 1.7.1 2536 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Metadata

CVE ID
CVE-2026-48267
State
PUBLISHED
Assigner
adobe
Reserved
2026-05-21 15:28 UTC
Published
2026-07-06 19:45 UTC
Last updated
2026-07-07 13:43 UTC
Primary CWE
CWE-476
NULL Pointer Dereference (CWE-476)
Vendor / Product
Adobe / DNG SDK
Sources
cve.org  ·  NVD

Severity & Metrics

5.5 MEDIUM CVSS 3.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
Adobe DNG SDK 0 ≤ 1.7.1 2536
Weakness (CWE)
CWESourceDescription
CWE-476 cna NULL Pointer Dereference (CWE-476)
CVSS scores (1)
ScoreSeverityVersionSourceVector
5.5 MEDIUM 3.1 cna CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Back to overview