CVE-2021-40709
📋 TL;DR
A buffer overflow vulnerability in Adobe Photoshop allows arbitrary code execution when parsing malicious SVG files. Attackers can exploit this by tricking users into opening specially crafted files, potentially compromising the victim's system. Affects Photoshop versions 21.2.11 and earlier, and 22.5 and earlier.
💻 Affected Systems
- Adobe Photoshop
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the victim's computer, data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation leading to malware installation, credential theft, or data exfiltration from the affected user's account.
If Mitigated
Limited impact due to user awareness training preventing malicious file opens, or application sandboxing containing the exploit.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file). No public exploit code available as of analysis date.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Photoshop 21.2.12 and 22.5.1
Vendor Advisory: https://helpx.adobe.com/security/products/photoshop/apsb21-84.html
Restart Required: Yes
Instructions:
1. Open Adobe Creative Cloud application.
2. Navigate to 'Apps' section.
3. Find Photoshop and click 'Update'.
4. Restart Photoshop after update completes.
🔧 Temporary Workarounds
Disable SVG file association
Prevent Photoshop from automatically opening SVG files by changing file associations.
Windows: Control Panel > Default Programs > Associate a file type or protocol with a program
macOS: Right-click SVG file > Get Info > Open With > Change to different application
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of unauthorized Photoshop versions
- Deploy email/web filtering to block SVG attachments and downloads
🔍 How to Verify
Check if Vulnerable:
Check the Photoshop version in Help > About Photoshop. If the version is 21.2.11 or earlier, or 22.5 or earlier, the system is vulnerable.
Check Version:
Photoshop: Help > About Photoshop
Verify Fix Applied:
Verify Photoshop version is 21.2.12 or higher (for 21.x branch) or 22.5.1 or higher (for 22.x branch).
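The branch-aware version check above, applied to a fleet inventory, as an added example that is not part of the original page or the Adobe advisory. The host names and inventory values are constructed, and treating anything newer than the 22.x branch as patched is an assumption based on it comparing higher than 22.5.1.

```python
import re

# Fixed releases per branch, as listed under "Official Fix" on this page.
FIXED_21 = (21, 2, 12)
FIXED_22 = (22, 5, 1)

# Leading dotted number only; any trailing build text is ignored (assumption).
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+){0,3})")


def parse_version(text):
    """Return the leading dotted version as a 3-tuple of ints, or None."""
    match = _VERSION_RE.match(text or "")
    if not match:
        return None
    parts = [int(p) for p in match.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))  # "22.5" -> (22, 5, 0)


def classify(text):
    """Classify one reported version as vulnerable, patched or unknown."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # 21.x and older are measured against 21.2.12, everything else against 22.5.1.
    fixed = FIXED_21 if version[0] <= 21 else FIXED_22
    # Tuple comparison is numeric, so 21.2.9 sorts below 21.2.12
    # (a plain string comparison would get this wrong).
    return "vulnerable" if version < fixed else "patched"


def triage(inventory):
    """Group hosts by classification; unknown entries need a manual check."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host, reported in inventory.items():
        report[classify(reported)].append(host)
    return report


# Constructed sample inventory: host name -> version string from Help > About.
INVENTORY = {
    "ws-001": "21.2.9",
    "ws-002": "21.2.12",
    "ws-003": "22.5",
    "ws-004": "22.5.1",
    "ws-005": "",
}

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```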
📡 Detection & Monitoring
Log Indicators:
- Photoshop crash logs with SVG parsing errors
- Windows Event Logs showing Photoshop process termination
Network Indicators:
- Unusual outbound connections from Photoshop process after SVG file open
SIEM Query:
process_name:"photoshop.exe" AND (file_extension:".svg" OR file_name:"*.svg")