CVE-2021-43018: 
Adobe Photoshop vulnerability analysis and mitigation

Adobe Photoshop versions 23.0.2 and 22.5.4 (and earlier) are affected by an out-of-bounds write vulnerability identified as CVE-2021-43018. The vulnerability requires user interaction, specifically opening a malicious JPG file, and could result in arbitrary code execution in the context of the current user (NVD).

The vulnerability exists within the parsing of JPEG2000 images. The specific flaw stems from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 HIGH with the vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI).

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. This could potentially lead to unauthorized control over the affected system with the same privileges as the user running Photoshop (ZDI).

Adobe has released security updates to address this vulnerability. Users should update to versions newer than Photoshop 23.0.2 and 22.5.4 to mitigate this security risk (SecurityWeek).

The vulnerability was disclosed as part of Adobe's December 2021 Patch Tuesday security updates. Adobe rated this vulnerability as 'critical' along with two other Photoshop vulnerabilities (CVE-2021-43020 and CVE-2021-44184) that were patched in the same update cycle (SecurityWeek).