Audition Buffer Overflow Vulnerability Could Lead to Arbitrary Code Execution
CVE-2024-20739

7.8HIGH

Key Information:

Vendor: Adobe
Status: Audition
Vendor: CVE Published:; 15 February 2024

Summary

Adobe Audition versions 24.0.3 and 23.6.2, along with earlier iterations, are susceptible to a Heap-based Buffer Overflow vulnerability. This flaw could allow an attacker to execute arbitrary code within the context of the current user. Exploitation of this vulnerability necessitates user interaction, as it requires the victim to open a specially crafted file. It's important for users of affected versions to be aware of this risk and take appropriate measures to secure their systems against potential exploits.

Affected Version(s)

Audition 0 <= 23.6.2

References

https://helpx.adobe.com/security/products/audition/apsb24...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 15, 2024
Vulnerability Reserved
Dec 4, 2023