CVE-2021-21006 – Adobe Photoshop versions 22.1 and earlier conta... (How to Fix)

Q: What is the severity of CVE-2021-21006?

CVE-2021-21006 has a CVSS score of 8.6 (HIGH). Adobe Photoshop versions 22.1 and earlier contain a heap buffer overflow vulnerability when processing malicious font files. Successful exploitation allows attackers to execute arbitrary code on the victim's system. This affects all users running vulnerable Photoshop versions who open untrusted files.

📋 TL;DR

Adobe Photoshop versions 22.1 and earlier contain a heap buffer overflow vulnerability when processing malicious font files. Successful exploitation allows attackers to execute arbitrary code on the victim's system. This affects all users running vulnerable Photoshop versions who open untrusted files.

💻 Affected Systems

Products:

Adobe Photoshop

Versions: 22.1 and earlier

Operating Systems: Windows, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected versions are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Photoshop by Adobe

View all CVEs affecting Photoshop →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of the victim's computer, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Local privilege escalation leading to malware installation, data exfiltration, or persistence mechanisms being established on the affected workstation.

🟢

If Mitigated

No impact if users only open trusted files from verified sources and the application is properly patched.

🌐 Internet-Facing: LOW - Exploitation requires user interaction to open malicious files, not directly exploitable over network.

🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, but exploitation requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and knowledge of heap manipulation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 22.1.1 and later

Vendor Advisory: https://helpx.adobe.com/security/products/photoshop/apsb21-01.html

Restart Required: Yes

Instructions:

1. Open Adobe Creative Cloud application 2. Navigate to 'Apps' tab 3. Find Photoshop and click 'Update' 4. Restart Photoshop after update completes

🔧 Temporary Workarounds

Restrict font file processing

all

Configure Photoshop to block or warn about suspicious font files through security settings

🧯 If You Can't Patch

Implement application whitelisting to prevent execution of malicious payloads
Educate users to never open Photoshop files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check Photoshop version via Help > About Photoshop. If version is 22.1 or earlier, system is vulnerable.

Check Version:

Photoshop: Help > About Photoshop

Verify Fix Applied:

Verify Photoshop version is 22.1.1 or later via Help > About Photoshop.

📡 Detection & Monitoring

Log Indicators:

Photoshop crash logs with memory access violations
Unexpected font file processing in application logs

Network Indicators:

Unusual outbound connections after opening Photoshop files
DNS requests to suspicious domains post-file opening

SIEM Query:

EventID=1000 OR EventID=1001 AND ProcessName="Photoshop.exe" AND ExceptionCode="c0000005"

📊 Metadata

CVE ID: CVE-2021-21006

CVSS v3 Score: 8.6 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE: CWE-122

Published: January 13, 2021

Last Updated: November 21, 2024

🔗 References

https://helpx.adobe.com/security/products/photoshop/apsb21-01.html Vendor Advisory
https://helpx.adobe.com/security/products/photoshop/apsb21-01.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-21006, you might also want to check these: