After Effects | Out-of-bounds Write (CWE-787)
CVE-2024-47441

7.8HIGH

Key Information:

Vendor: Adobe
Status: After Effects
Vendor: CVE Published:; 12 November 2024

Summary

Adobe After Effects versions 23.6.9, 24.6.2 and earlier are susceptible to an out-of-bounds write vulnerability that enables arbitrary code execution under the context of the current user. This security issue necessitates user interaction, where a victim must open a specially crafted malicious file for exploitation to occur. The implications of this vulnerability underscore the importance of updating affected versions to ensure the integrity and security of user systems.

Affected Version(s)

After Effects 0 <= 24.6.2

References

https://helpx.adobe.com/security/products/after_effects/a...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024

Collectors

NVD DatabaseMitre Database