Adobe DNG SDK versions 1.7.1 2502 and earlier can be crashed by malicious files.

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.5

Adobe DNG SDK versions 1.7.1 2502 and earlier can be crashed by malicious files.

CVE-2026-27258

Summary

If you use Adobe DNG SDK, update to a fixed version to avoid potential crashes when opening malicious files. A hacker could create a file that crashes your application, making it unresponsive. Update your software to stay protected.

Original title

Original description

DNG SDK versions 1.7.1 2502 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to corrupt memory, causing the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

nvd CVSS3.1 5.5

Vulnerability type

CWE-787 Out-of-bounds Write

https://helpx.adobe.com/security/products/dng-sdk/apsb26-41.html

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026