ZDI-CAN-21702: Adobe After Effects MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2023-47068

7.8HIGH

Key Information:

Vendor: Adobe
Status: After Effects
Vendor: CVE Published:; 17 November 2023

Summary

Adobe After Effects versions 24.0.2 and 23.6, along with earlier iterations, are susceptible to an out-of-bounds read vulnerability during the processing of specially crafted files. This could allow an attacker to read memory beyond allocated structures, potentially leading to the execution of arbitrary code within the context of the current user. Exploitation requires user interaction, as it necessitates that the victim opens a maliciously crafted file.

Affected Version(s)

After Effects 0 <= 23.6

References

https://helpx.adobe.com/security/products/after_effects/a...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 17, 2023
Vulnerability Reserved
Oct 30, 2023

Collectors

NVD DatabaseMitre Database