CVE-2026-47963
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
The vulnerability in DNG SDK versions 1.7.1 2536 and earlier is caused by an out-of-bounds read, potentially leading to disclosure of sensitive memory. An attacker could exploit this to obtain confidential information, but user interaction is required as the victim must open a malicious file.
Risk Assessment
The risk involves potential leakage of sensitive data from process memory, which could expose the organization to information theft or further attacks.
Recommendation
It is recommended to immediately update DNG SDK to a version later than 1.7.1 2536 and train users not to open suspicious files.
Original NVD description (English source)
DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

