CVE-2015-3111

Adobe Photoshop CC <16.0 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-3111.

AI-analyzed exploit summary The document describes a memory corruption vulnerability in Adobe Photoshop CC 2014 and Bridge CC 2014 due to an error in the PNG parser when processing a crafted PNG image with an oversized 'Length' value in the 'CHUNK' structure. Successful exploitation could lead to arbitrary code execution, but requires user interaction to open or preview a malicious file.

Description

Heap-based buffer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors.

Exploits (1)

exploitdb WRITEUP
doswindows
https://www.exploit-db.com/exploits/37348

The document describes a memory corruption vulnerability in Adobe Photoshop CC 2014 and Bridge CC 2014 due to an error in the PNG parser when processing a crafted PNG image with an oversized 'Length' value in the 'CHUNK' structure. Successful exploitation could lead to arbitrary code execution, but requires user interaction to open or preview a malicious file.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Adobe Photoshop CC 2014, Adobe Bridge CC 2014
No auth needed
Prerequisites: User interaction to open or preview a malicious PNG file
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032659
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75240
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032658

Scores

EPSS 0.1948
EPSS Percentile 97.0%

Details

CWE
CWE-119
Status published
Products (2)
adobe/bridge < 6.1
adobe/photoshop_cc < 15.2.2
Published Jun 24, 2015
Tracked Since Feb 18, 2026