Animate | NULL Pointer Dereference (CWE-476)
CVE-2024-45156

7.8HIGH

Key Information:

Vendor: Adobe
Status: Animate
Vendor: CVE Published:; 10 December 2024

What is CVE-2024-45156?

Adobe Animate contains a NULL Pointer Dereference vulnerability that affects versions 23.0.8, 24.0.5, and earlier. This flaw allows an attacker to execute arbitrary code in the context of the currently logged-in user. Exploitation of this vulnerability requires user interaction, specifically the opening of a malicious file crafted to trigger the flaw. Users of affected versions are strongly advised to upgrade to the latest version or apply patches to mitigate potential risks.

Affected Version(s)

Animate 0 <= 24.0.5

References

https://helpx.adobe.com/security/products/animate/apsb24-...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2024