After Effects | Out-of-bounds Write (CWE-787)
CVE-2024-47443

7.8HIGH

Key Information:

Vendor: Adobe
Status: After Effects
Vendor: CVE Published:; 12 November 2024

Summary

Adobe After Effects versions 23.6.9, 24.6.2 and earlier are susceptible to an out-of-bounds write vulnerability. This flaw enables malicious actors to execute arbitrary code with the privileges of the current user, contingent on the user opening a specially crafted malicious file. Due to the reliance on user interaction for exploitation, this vulnerability necessitates awareness and prevention strategies among users to mitigate potential risks. Adobe has recommended immediate updates to patch this vulnerability, and users are urged to install the latest versions to ensure their systems remain secure.

Affected Version(s)

After Effects 0 <= 24.6.2

References

https://helpx.adobe.com/security/products/after_effects/a...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024

Collectors

NVD DatabaseMitre Database