Adobe After Effects Under Attack: Stack-Based Buffer Overflow Vulnerability
CVE-2024-41867

5.5MEDIUM

Key Information:

Vendor: Adobe
Status: After Effects
Vendor: CVE Published:; 13 September 2024

What is CVE-2024-41867?

After Effects versions 23.6.6, 24.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could lead to arbitrary file system write operations. An attacker could leverage this vulnerability to modify or corrupt files, potentially leading to a compromise of system integrity. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected Version(s)

After Effects 0 <= 24.5

References

https://helpx.adobe.com/security/products/after_effects/a...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 13, 2024
Vulnerability Reserved
Jul 22, 2024