CVE-2020-3777

7.5 HIGH

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in Adobe Photoshop that could allow attackers to read sensitive memory content. Affected users include anyone running Photoshop CC 2019 versions 20.0.8 and earlier, or Photoshop 2020 versions 21.1 and earlier. Successful exploitation could lead to information disclosure.

💻 Affected Systems

Products:
  • Adobe Photoshop CC 2019
  • Adobe Photoshop 2020
Versions: Photoshop CC 2019: 20.0.8 and earlier; Photoshop 2020: 21.1 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could read sensitive memory contents, potentially exposing passwords, encryption keys, or other confidential data from Photoshop's memory space.

🟠 Likely Case

Information disclosure of Photoshop's internal memory structures, which could aid in developing further attacks or expose limited sensitive data.

🟢 If Mitigated

With proper controls, the impact is limited to information disclosure without code execution or system compromise.

🌐 Internet-Facing: LOW - Photoshop is typically not an internet-facing application.
🏢 Internal Only: MEDIUM - While not directly exploitable over the network, malicious files could be delivered via email or internal shares.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious file) and is limited to information disclosure rather than code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Photoshop CC 2019: 20.0.9 or later; Photoshop 2020: 21.1.1 or later

Vendor Advisory: https://helpx.adobe.com/security/products/photoshop/apsb20-14.html

Restart Required: Yes

Instructions:

1. Open the Adobe Creative Cloud desktop app.
2. Navigate to the 'Apps' tab.
3. Find Photoshop and click 'Update'.
4. Restart Photoshop after the update completes.

🔧 Temporary Workarounds

Restrict file opening

all

Only open Photoshop files from trusted sources and avoid opening unexpected files.

🧯 If You Can't Patch

  • Restrict Photoshop usage to trusted users only
  • Implement application whitelisting to prevent unauthorized Photoshop execution

🔍 How to Verify

Check if Vulnerable:

Check Photoshop version via Help > About Photoshop. If version is Photoshop CC 2019 20.0.8 or earlier, or Photoshop 2020 21.1 or earlier, you are vulnerable.

Check Version:

Photoshop: Help > About Photoshop

Verify Fix Applied:

Verify Photoshop version is 20.0.9 or later for CC 2019, or 21.1.1 or later for Photoshop 2020.
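The version check above can be run across a software inventory rather than one workstation at a time. The following is an added example, not part of the vendor advisory: it compares reported version strings numerically against the fixed releases listed on this page (a plain string comparison would wrongly rank 20.0.10 below 20.0.9). The host names and the inventory format are constructed for illustration.

```python
import re

# First fixed release per major branch, taken from the versions stated on this page.
FIXED = {
    20: (20, 0, 9),   # Photoshop CC 2019
    21: (21, 1, 1),   # Photoshop 2020
}

def parse_version(text):
    """Parse a bare version string such as '21.1' or '20.0.10' into a 3-part tuple.

    The string must start with the version number; a product name such as
    'Photoshop 2020 21.1' is rejected so the year is never mistaken for a version.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no leading version number in {text!r}")
    parts = [int(p) for p in m.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))  # '21.1' -> (21, 1, 0)

def classify(version_text):
    """Return 'vulnerable', 'fixed', or 'out-of-scope' for one reported version."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "out-of-scope"  # major branch not listed on this page
    return "vulnerable" if version < fixed else "fixed"

# Constructed sample inventory: (host name, version from Help > About Photoshop).
SAMPLE_INVENTORY = [
    ("ws-design-01", "20.0.8"),
    ("ws-design-02", "20.0.10"),
    ("mac-studio-03", "21.1"),
    ("mac-studio-04", "21.1.1"),
    ("ws-archive-05", "19.1.9"),
]

def triage(inventory):
    """Map each host to its status for this CVE."""
    return {host: classify(version) for host, version in inventory}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:15} {status}")
```

Hosts reported as out-of-scope run a major version this page does not list and need to be checked against their own advisories.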

📡 Detection & Monitoring

Log Indicators:

  • Photoshop crash logs showing memory access violations
  • Unexpected file opening events in Photoshop

Network Indicators:

  • No direct network indicators as this is a local file-based vulnerability

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName="Photoshop.exe" AND ExceptionCode="0xc0000005"
