CVE-2024-52997

7.8 HIGH

📋 TL;DR

Adobe Photoshop Desktop versions 26.0 and earlier contain a Use After Free vulnerability that could allow an attacker to execute arbitrary code on a victim's system. This requires the user to open a malicious file, potentially leading to full system compromise under the current user's privileges. All users running affected Photoshop versions are at risk.

💻 Affected Systems

Products:
  • Adobe Photoshop Desktop
Versions: 26.0 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. Requires user interaction to open malicious file.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with the attacker gaining the same privileges as the logged-in user, enabling data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation leading to unauthorized access to sensitive files, system configuration changes, or installation of additional malware.

🟢 If Mitigated

Limited impact if user runs with minimal privileges, has application sandboxing, and avoids opening untrusted files.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 26.1 or later

Vendor Advisory: https://helpx.adobe.com/security/products/photoshop/apsb24-101.html

Restart Required: Yes

Instructions:

1. Open Adobe Creative Cloud application
2. Navigate to 'Apps' section
3. Find Photoshop and click 'Update'
4. Restart Photoshop after update completes

🔧 Temporary Workarounds

Restrict file opening

all

Configure Photoshop to only open files from trusted sources or disable automatic file opening.

Run with reduced privileges

all

Run Photoshop with standard user privileges instead of administrative rights to limit potential damage.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized Photoshop execution
  • Use endpoint detection and response (EDR) tools to monitor for suspicious Photoshop behavior

🔍 How to Verify

Check if Vulnerable:

Check the Photoshop version via Help > About Photoshop. If the version is 26.0 or earlier, the system is vulnerable.

Check Version:

On Windows: Help > About Photoshop. On macOS: Photoshop > About Photoshop.

Verify Fix Applied:

Verify Photoshop version is 26.1 or later after applying update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Photoshop process spawning child processes
  • Photoshop accessing unexpected system resources
  • Multiple failed file parsing attempts

Network Indicators:

  • Photoshop making unexpected outbound network connections after file open

SIEM Query:

process_name:"photoshop.exe" AND (child_process_count > 3 OR network_connection_count > 5)
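
The logic of the query above, applied per Photoshop process instance to process-creation and network-connection telemetry. This is an added example, not vendor or advisory code. The event field names, the sample events and the SUSPECT_CHILDREN list are assumptions. The list is included because a single shell child stays below the query's count threshold.

```python
import ntpath
from collections import defaultdict

# Process name and thresholds come from the SIEM query on this page.
TARGET = "photoshop.exe"
MAX_CHILDREN, MAX_CONNECTIONS = 3, 5
# Assumption (not from the page): interpreters an image editor has no reason to start.
SUSPECT_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def image_name(path):
    """Lower-cased file name of a Windows-style or POSIX-style path."""
    return ntpath.basename(path).lower()

def evaluate(events):
    """Group telemetry per Photoshop instance (host, pid) and return alerts."""
    children, conns = defaultdict(list), defaultdict(list)
    for ev in events:
        if ev["type"] == "process_create" and image_name(ev["parent_image"]) == TARGET:
            children[(ev["host"], ev["parent_pid"])].append(image_name(ev["image"]))
        elif ev["type"] == "network_connect" and image_name(ev["image"]) == TARGET:
            conns[(ev["host"], ev["pid"])].append(ev["dest"])
    alerts = []
    for key in sorted(set(children) | set(conns)):
        reasons = []
        if len(children[key]) > MAX_CHILDREN:
            reasons.append("child_process_count")
        if len(conns[key]) > MAX_CONNECTIONS:
            reasons.append("network_connection_count")
        if SUSPECT_CHILDREN & set(children[key]):
            reasons.append("suspect_child")
        if reasons:
            alerts.append({"host": key[0], "pid": key[1], "reasons": reasons})
    return alerts

# Constructed sample telemetry (hosts, pids, paths and addresses are made up).
PS = r"C:\Program Files\Adobe\Adobe Photoshop 2025\Photoshop.exe"
def proc(host, ppid, image):
    return {"type": "process_create", "host": host, "parent_image": PS, "parent_pid": ppid, "image": image}
def net(host, pid, dest):
    return {"type": "network_connect", "host": host, "image": PS, "pid": pid, "dest": dest}

SAMPLE_EVENTS = (
    [proc("ws-01", 4120, r"C:\Tools\helper.exe"), net("ws-01", 4120, "192.0.2.10:443")]  # quiet
    + [proc("ws-02", 7788, r"C:\Windows\System32\cmd.exe")]          # one shell child
    + [net("ws-03", 900, f"198.51.100.{i}:443") for i in range(6)]   # six connections
)

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS):
        print(alert)
```

Grouping by (host, pid) does not account for PID reuse. On long-lived telemetry, also bound each group by the process start time.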
