CVE Catalog

CVE-2026-47964

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile - higher than 10% of all known CVEs

Summary

A heap-based buffer overflow vulnerability in DNG SDK versions 1.7.1 2536 and earlier allows arbitrary code execution in the context of the current user. Exploitation requires user interaction to open a malicious file.

Risk Assessment

An attacker can take control of the victim's system by executing arbitrary code with their privileges, leading to data theft or malware installation.

Recommendation

Update DNG SDK to a version later than 1.7.1 2536 immediately and instruct users not to open files from untrusted sources.

Original NVD description (English source)

DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS