Login Sign Up

CVE-2023-21574

7.8 HIGH
Remote Code Execution

📋 TL;DR

This CVE describes an Improper Input Validation vulnerability in Adobe Photoshop that allows arbitrary code execution when a user opens a malicious file. It affects Photoshop versions 23.5.3 and earlier, and 24.1 and earlier, potentially compromising the current user's system.

💻 Affected Systems

Products:
  • Adobe Photoshop
Versions: 23.5.3 and earlier, 24.1 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable; exploitation requires user interaction to open a malicious file.

📦 What is this software?

Photoshop by Adobe

View all CVEs affecting Photoshop →

Photoshop by Adobe

View all CVEs affecting Photoshop →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise via arbitrary code execution, leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Malware infection or data exfiltration after a user is tricked into opening a malicious Photoshop file.

🟢

If Mitigated

No impact if patches are applied or if users avoid opening untrusted files.

🌐 Internet-Facing: LOW, as exploitation requires local file access or user interaction with a malicious file, not direct network exposure.
🏢 Internal Only: MEDIUM, due to the risk of phishing or social engineering attacks leading to file execution within an organization.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious file), but no public proof-of-concept is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Photoshop 23.5.4 and 24.2 or later

Vendor Advisory: https://helpx.adobe.com/security/products/photoshop/apsb23-11.html

Restart Required: Yes

Instructions:

1. Open Adobe Photoshop. 2. Go to Help > Updates. 3. Follow prompts to install the latest version (23.5.4 or 24.2+). 4. Restart Photoshop after installation.

🔧 Temporary Workarounds

Restrict File Opening

all

Configure Photoshop to only open trusted files or disable automatic opening of certain file types.

🧯 If You Can't Patch

  • Educate users to avoid opening Photoshop files from untrusted sources.
  • Implement application whitelisting to block unauthorized Photoshop execution.

🔍 How to Verify

Check if Vulnerable:

Check Photoshop version via Help > About Photoshop; if version is 23.5.3 or earlier, or 24.1 or earlier, it is vulnerable.

Check Version:

On Windows: wmic product where name='Adobe Photoshop' get version; On macOS: /Applications/Adobe Photoshop */Adobe Photoshop.app/Contents/Info.plist | grep -A1 CFBundleShortVersionString

Verify Fix Applied:

Verify version is 23.5.4 or later for 23.x, or 24.2 or later for 24.x.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Photoshop process activity or crashes after file opening
  • Security logs showing file execution from untrusted locations

Network Indicators:

  • Outbound connections initiated by Photoshop post-file opening, indicating potential C2 communication

SIEM Query:

EventID=4688 AND ProcessName='photoshop.exe' AND CommandLine LIKE '%.psd' OR '%.psb' from untrusted paths

📊 Metadata

CVE ID: CVE-2023-21574
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-20
Published: February 17, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-21574, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)
CVE-2024-3400 10.0

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProte...

Same vulnerability type (CWE-20)
CVE-2023-42802 10.0

This critical vulnerability in GLPI allows attackers to upload malicious PHP files to unauthorized d...

Same vulnerability type (CWE-20)