PatchSiren cyber security CVE debrief
CVE-2026-47964 Adobe CVE debrief
A Heap-based Buffer Overflow vulnerability was discovered in DNG SDK versions 1.7.1 2536 and earlier. This vulnerability, tracked as CVE-2026-47964, could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, as a victim must open a malicious file. The vulnerability has a CVSS score of 7.8 and is classified as HIGH severity.
- Vendor
- Adobe
- Product
- DNG SDK
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Users of DNG SDK versions 1.7.1 2536 and earlier should be aware of this vulnerability and take necessary precautions to avoid exploitation.
Technical summary
The vulnerability is caused by a Heap-based Buffer Overflow in the DNG SDK. This type of vulnerability occurs when more data is written to a buffer than it is designed to hold, leading to potential arbitrary code execution.
Defensive priority
HIGH
Recommended defensive actions
- Update to a version of DNG SDK that is not vulnerable.
- Avoid opening malicious files.
Evidence notes
The CVE record indicates that the vulnerability was published on 2026-06-16T19:16:56.367Z and modified on 2026-06-16T20:41:35.520Z. The vendor is listed as Unknown Vendor, but evidence suggests the product may be related to Adobe.
Official resources
-
CVE-2026-47964 CVE record
CVE.org
-
CVE-2026-47964 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-47964 was published on 2026-06-16T19:16:56.367Z.