
Microsoft promptly patched the CVE-2023-28303 vulnerability in the Windows 10/11 Snipping Tool application. The company gave this bug a CVSS score of 3.3 (low severity). Experts, however, believe that the Snipping Tool bug poses a serious data privacy problem.

If a user shares an edited image, such as a picture of a credit card with the number edited out, or sends a cropped image, the recipient of the PNG file could partially recover the original version of the screenshot.

Microsoft thanked developers and researchers Simon Aarons, David Buchanan and Chris Blum, who first identified the problem in the Scissors app and reported the vulnerability in an extended report to the company.