CVE-2021-28549: 
Adobe Photoshop vulnerability analysis and mitigation

Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) were affected by a Buffer Overflow vulnerability (CVE-2021-28549) when parsing specially crafted JSX files. The vulnerability was discovered and disclosed in April 2021, affecting both Windows and macOS operating systems (NVD, Adobe Advisory).

The vulnerability is classified as a Buffer Overflow (CWE-120) with a CVSS v3.1 base score of 7.8 (High). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring no privileges (PR:N) but needs user interaction (UI:R). The scope is unchanged (S:U), with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) (NVD).

If successfully exploited, this vulnerability could allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. The exploitation requires user interaction, specifically requiring a victim to open a malicious JSX file (NVD, Threatpost).

Adobe released security patches to address this vulnerability. Users are recommended to update to the latest version of Adobe Photoshop through the Help > Check for Updates menu option. The vulnerability was given a Priority 3 rating by Adobe, suggesting administrators can install the update at their discretion (Threatpost).

Security researchers noted that while Photoshop has historically not been a primary target for attackers, this vulnerability should be taken seriously due to its high severity rating. The vulnerability was discovered and reported by guoxi of venustech ADLab, who worked with Adobe to address the issue (Threatpost).