CVE-2011-2131

Adobe Photoshop 12.0-12.1 - Remote Code Execution via Crafted GIF File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-2131. PoCs published by Francis Provencher.

AI-analyzed exploit summary This is a writeup describing a remote code execution vulnerability in Adobe Photoshop CS5 (12.0 and 12.1) via a maliciously crafted GIF file. The vulnerability is triggered by an invalid 'ushort ImageHeight' value, leading to memory corruption and arbitrary code execution.

Description

Adobe Photoshop 12.0 in Creative Suite 5 (CS5) and 12.1 in Creative Suite 5.1 (CS5.1) allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GIF file.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Francis Provencher · textdoswindows
https://www.exploit-db.com/exploits/17712

This is a writeup describing a remote code execution vulnerability in Adobe Photoshop CS5 (12.0 and 12.1) via a maliciously crafted GIF file. The vulnerability is triggered by an invalid 'ushort ImageHeight' value, leading to memory corruption and arbitrary code execution.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Photoshop CS5 (12.0 and 12.1)
No auth needed
Prerequisites: User interaction required to open a malicious GIF file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA11-222A.html
Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb11-22.html
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8347

Scores

EPSS 0.2324
EPSS Percentile 97.5%

Details

CWE
CWE-119
Status published
Products (4)
adobe/creative_suite 5
adobe/creative_suite 5.1
adobe/photoshop 12.0
adobe/photoshop 12.1
Published Aug 11, 2011
Tracked Since Feb 18, 2026