The vulnerability could lead to arbitrary code execution.
Users must update their vulnerable libraries manually.
Drupal’s advisory also included three patches for “moderately critical” bugs.
The update includes nine security patches overall.
Adobe’s August Patch Tuesday release impacts Flash Player, and Acrobat DC and Reader.
Microsoft patches 17 critical bugs and 34 important bugs as part of its monthly security bulletin.
The company issued fixes for 112 vulnerabilities in products spanning from Flash Player, Acrobat and Reader, Experience Manager, to Adobe Connect.
An exploit allows attackers to remotely overwrite archive files with their own content, and from there pivot to achieving remote command execution on the machine.