A high-severity vulnerability has been identified in multiple products from the vendor "In". This flaw exists in the component responsible for processing DNG image files and could allow an attacker to execute malicious code on a user's system if they open a specially crafted image, potentially leading to a full system compromise.

The vulnerability exists within the dng_lossless_decoder::HuffDecode function, which is part of the library responsible for processing lossless JPEG compression in DNG (Digital Negative) image files. An attacker can create a malicious DNG file with malformed Huffman-coded data. When an application using the vulnerable library attempts to open or process this file, it can trigger a memory corruption error, such as a buffer overflow, leading to arbitrary code execution in the security context of the user running the application.

This is a high-severity vulnerability with a CVSS score of 7.5. Successful exploitation could allow an attacker to take control of an affected system, leading to significant business risks. These risks include the theft of sensitive corporate or personal data, the installation of persistent malware like ransomware or spyware, and the disruption of critical business operations that rely on the compromised system. The impact is particularly high for workstations involved in media processing, design, or photography where the handling of DNG files is common.

Immediate Action: The primary remediation step is to apply the security updates provided by the vendor across all affected systems immediately. After patching, it is crucial to monitor systems for any signs of post-patch exploitation attempts and to review relevant application and system logs for indicators of compromise that may have occurred before the patch was applied.

Proactive Monitoring: Monitor for unexpected crashes in applications that process DNG files. Security teams should look for anomalous process creation originating from these applications, especially child processes like command shells or PowerShell. Network monitoring should be used to detect unusual outbound connections from workstations after a user interacts with a DNG image file.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Block the receipt of DNG files from untrusted or external sources at the email gateway and other ingress points.
• Use application control solutions (e.g., AppLocker) to prevent the execution of unauthorized code.
• Ensure Endpoint Detection and Response (EDR) solutions are deployed and configured to detect and block memory exploitation techniques and suspicious process behavior.

Public Exploit Available: false

Due to the high severity rating (CVSS 7.5) and the potential for arbitrary code execution through a common file type, we strongly recommend that organizations prioritize the immediate deployment of vendor-supplied security patches. Although this CVE is not currently on the CISA KEV list, the risk of future exploitation is significant. Organizations should identify all systems running the affected software components, apply the necessary updates as soon as possible, and verify that the patches have been successfully installed.