CVE-2021-28548: 
Adobe Photoshop vulnerability analysis and mitigation

Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) were affected by a Buffer Overflow vulnerability (CVE-2021-28548) when parsing specially crafted JSX files. The vulnerability was discovered and disclosed in March 2021, affecting both Windows and macOS versions of Adobe Photoshop (Adobe Advisory, MITRE).

The vulnerability is classified as a Buffer Overflow (CWE-120) that occurs during the parsing of JSX files. It received a CVSS v3.0 base score of 7.8 (HIGH) with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access with low attack complexity and requiring user interaction (NVD).

Successful exploitation of this vulnerability could allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. The impact is significant as it could lead to complete compromise of the affected system, though exploitation requires user interaction in the form of opening a malicious file (MITRE, Qualys Alert).

Adobe addressed this vulnerability by releasing security updates for affected versions. Users should update to versions newer than Photoshop 21.2.6 and 22.3 respectively (Adobe Advisory).