Adobe Security Bulletin

Security updates available for Adobe Photoshop CC

Release date: April 11, 2017

Vulnerability identifier: APSB17-12

Priority: 3

CVE number: CVE-2017-3004, CVE-2017-3005

Platform: Windows and Macintosh

Summary

Adobe has released updates for Photoshop CC for Windows and Macintosh. These updates resolve a critical memory corruption vulnerability when parsing malicious PCX files that could lead to code
execution (CVE-2017-3004). These updates also resolve an unquoted search path vulnerability in
Photoshop on Windows (CVE-2017-3005).

Affected software versions

Product Affected version Platform
Adobe Photoshop CC 2017 18.0.1 and earlier versions Windows and Macintosh
Adobe Photoshop CC 2015.5 17.0.1 (2015.5.1) and earlier versions Windows and Macintosh

Solution

Adobe recommends users update their software installations via each application's update mechanism by launching each application, navigating to the Help menu, and clicking "Updates." For more information, please reference this help page.

Product Updated version Platform Priority rating
Adobe Photoshop CC 2017 18.1 Windows and Macintosh 3
Adobe Photoshop CC 2015.5 17.0.2 (2015.5.2) Windows and Macintosh 3

For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information on the Creative Cloud Packager. 

Vulnerability details

  • These updates resolve a memory corruption vulnerability when parsing malicious PCX files that could lead to code execution (CVE-2017-3004).
  • These updates resolve an unquoted search path vulnerability in Photoshop on Windows (CVE-2017-3005).

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

  • Kushal Arvind Shah of Fortinet's FortiGuard Labs (CVE-2017-3004)
  • Cyril Vallicari / HTTPCS – Ziwit (CVE-2017-3005)