Bridge Buffer Overflow Vulnerability Could Lead to Arbitrary Code Execution
CVE-2024-20755

7.8HIGH

Key Information:

Vendor: Adobe
Status: Bridge
Vendor: CVE Published:; 18 March 2024

What is CVE-2024-20755?

A heap-based buffer overflow vulnerability affects Adobe Bridge versions 13.0.5, 14.0.1, and earlier. This security flaw enables potential arbitrary code execution in the context of the currently logged-in user, posing significant risks when interacting with untrusted files. Successful exploitation necessitates user interaction, as the user must open a specially crafted file designed to trigger the vulnerability. This highlights the critical need for users to exercise caution and adhere to security best practices when handling files from unknown sources.

Affected Version(s)

Bridge 0 <= 14.0.1

References

https://helpx.adobe.com/security/products/bridge/apsb24-1...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 18, 2024
Vulnerability Reserved
Dec 4, 2023