CVE-2022-28274: 
Adobe Photoshop vulnerability analysis and mitigation

Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) were identified with a critical security vulnerability (CVE-2022-28274) discovered in May 2022. The vulnerability is characterized as an out-of-bounds read vulnerability that occurs when parsing crafted files, which could result in a read past the end of an allocated memory structure (NVD).

The vulnerability is classified as an out-of-bounds read issue (CWE-125) that occurs during file parsing operations. It received a CVSS v2.0 base score of 9.3 (HIGH) with vector (AV:N/AC:M/Au:N/C:C/I:C/A:C), and a CVSS v3.0 score of 7.8 (HIGH) with vector CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute code in the context of the current user. The vulnerability could potentially lead to arbitrary code execution, enabling attackers to take control of affected systems when users open malicious files (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to versions newer than 22.5.6 (for the earlier branch) or 23.2.2 (for the later branch) to mitigate this security risk (Adobe Advisory).