CVE-2026-47927
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
The vulnerability in DNG SDK versions 1.7.1 2536 and earlier is caused by an out-of-bounds read, which could lead to disclosure of sensitive memory. An attacker could exploit this to access confidential information, but user interaction is required as the victim must open a malicious file.
Risk Assessment
The risk involves potential leakage of sensitive data from process memory, which could expose the organization to information theft or further attacks. User interaction requirement limits remote exploitation but still poses a threat via social engineering.
Recommendation
It is recommended to immediately update DNG SDK to a version later than 1.7.1 2536, which includes the fix. Additionally, users should be trained to exercise caution when opening unknown files.
Original NVD description (English source)
DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

