Bulletin ID
Security updates available for Adobe Photoshop CC | APSB19-44
|
Date Published |
Priority |
---|---|---|
APSB19-44 |
August 13, 2019 |
3 |
Summary
Affected Product Versions
Product |
Affected version |
Platform |
Photoshop CC |
19.1.8 and earlier |
Windows and macOS |
Photoshop CC |
20.0.5 and earlier |
Windows and macOS |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app’s update mechanism. For more information, please reference this help page.
Product |
Updated versions |
Platform |
Priority |
Photoshop CC |
19.1.9 |
Windows and macOS |
3 |
Photoshop CC |
20.0.6 |
Windows and macOS |
3 |
For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. Refer to this help page for more information.
Vulnerability details
Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
---|---|---|---|
Heap Overflow | Arbitrary code execution | Critical | CVE-2019-7978 CVE-2019-7980 CVE-2019-7985 CVE-2019-7990 CVE-2019-7993 |
Type Confusion | Arbitrary Code Execution | Critical | CVE-2019-7969 |
Heap Overflow | Arbitrary Code Execution | Critical | CVE-2019-7970 |
Heap Overflow | Arbitrary Code Execution | Critical | CVE-2019-7971 |
Heap Overflow | Arbitrary Code Execution | Critical | CVE-2019-7972 |
Buffer Overflow | Arbitrary Code Execution | Critical | CVE-2019-7973 |
Type Confusion | Arbitrary Code Execution | Critical | CVE-2019-7973 |
Buffer Overflow | Arbitrary code execution | Critical | CVE-2019-7975 |
Out of Bound Read | Memory Leak | Important | CVE-2019-7977 CVE-2019-7981 CVE-2019-7987 CVE-2019-7991 CVE-2019-7995 CVE-2019-7996 CVE-2019-7999 CVE-2019-8000
|
Command Injection | Arbitrary code execution | Critical | CVE-2019-7968 CVE-2019-7989 |
Out of Bound Write | Arbitrary code execution | Critical | CVE-2019-7976 CVE-2019-7979 CVE-2019-7982 CVE-2019-7983 CVE-2019-7984 CVE-2019-7986 CVE-2019-7988 CVE-2019-7994 CVE-2019-7992 CVE-2019-7997 CVE-2019-7998 CVE-2019-8001 |
Acknowledgments
Adobe would like to thank the following researchers for reporting these issues and for working with Adobe to help protect our customers:
- Steven Seeley working with Trend Micro Zero Day Initiative (CVE-2019-7976, CVE-2019-7977, CVE-2019-7978, CVE-2019-7979, CVE-2019-7980, CVE-2019-7981, CVE-2019-7982, CVE-2019-7983, CVE-2019-7984, CVE-2019-7985, CVE-2019-7986, CVE-2019-7987, CVE-2019-7988, CVE-2019-7989, CVE-2019-7994, CVE-2019-7995, CVE-2019-7996)
- Zhongcheng Li(CK01) of Topsec Alpha Team (CVE-2019-7968)
- Kushal Arvind Shah from Fortinet's FortiGuard Labs (CVE-2019-7990, CVE-2019-7991, CVE-2019-7992, CVE-2019-7993, CVE-2019-7997, CVE-2019-7998, CVE-2019-7999, CVE-2019-8000, CVE-2019-8001)
- Steven Seeley (mr_me) of Source Incite working with iDefense Labs (CVE-2019-7969, CVE-2019-7970, CVE-2019-7971, CVE-2019-7972, CVE-2019-7973, CVE-2019-7974, CVE-2019-7975)
Revisions
August 15, 2019: Updated vulnerability category for CVE-2019-7992, CVE-2019-7997, CVE-2019-7998, CVE-2019-8001.
August 29, 2019: Updated vulnerability category for CVE-2019-7969, CVE-2019-7970, CVE-2019-7971, CVE-2019-7972, CVE-2019-7973, CVE-2019-7974, CVE-2019-7975