CVE-2022-23203
Published: 16 February 2022
Summary
CVE-2022-23203 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Adobe Photoshop. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 4.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Adobe Photoshop versions 22.5.4 and earlier as well as 23.1 and earlier contain a buffer overflow vulnerability stemming from insecure handling of a crafted file. The flaw is tracked as CWE-120 and carries a CVSS 3.1 score of 7.8, reflecting the potential for arbitrary code execution in the context of the current user when the malformed file is processed.
An attacker can exploit the issue by supplying a specially crafted file that a victim must open in Photoshop. Successful exploitation grants code execution privileges equivalent to those of the user running the application, but the attack requires user interaction and cannot be triggered remotely without that step.
The official Adobe security bulletin APSB22-08 addresses the vulnerability and provides remediation guidance, including updated Photoshop builds that resolve the buffer overflow.
The associated EPSS score has remained flat at 0.1865 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-28293
Vulnerability details
Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) are affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Photoshop.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.