CVE-2016-0953

CRITICAL

Adobe Photoshop CC <15.2.4 & Bridge CC <6.2 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-0953. PoCs published by Francis Provencher.

AI-analyzed exploit summary This is a writeup describing a memory corruption vulnerability in Adobe Photoshop CC and Bridge CC, which can be exploited via a malformed IFF file to achieve remote code execution. The PoC is referenced but not included in the provided text.

Description

Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0951 and CVE-2016-0952.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Francis Provencher · textdoswindows
https://www.exploit-db.com/exploits/39431

This is a writeup describing a memory corruption vulnerability in Adobe Photoshop CC and Bridge CC, which can be exploited via a malformed IFF file to achieve remote code execution. The PoC is referenced but not included in the provided text.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Adobe Photoshop CC 16.1.1 (2015.1.1) and earlier, Adobe Bridge CC 6.1.1 and earlier
No auth needed
Prerequisites: User interaction to open a malicious IFF file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39431/
Patch, Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/photoshop/apsb16-03.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034979

Scores

CVSS v3 9.8
EPSS 0.1755
EPSS Percentile 95.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (2)
adobe/bridge_cc < 6.1
adobe/photoshop_cc < 16.1.1
Published Feb 10, 2016
Tracked Since Feb 18, 2026