After Effects | Out-of-bounds Write (CWE-787)
CVE-2024-47443

7.8HIGH

Key Information:

Vendor: Adobe
Status: After Effects
Vendor: CVE Published:; 12 November 2024

What is CVE-2024-47443?

Adobe After Effects versions 23.6.9, 24.6.2 and earlier are susceptible to an out-of-bounds write vulnerability. This flaw enables malicious actors to execute arbitrary code with the privileges of the current user, contingent on the user opening a specially crafted malicious file. Due to the reliance on user interaction for exploitation, this vulnerability necessitates awareness and prevention strategies among users to mitigate potential risks. Adobe has recommended immediate updates to patch this vulnerability, and users are urged to install the latest versions to ensure their systems remain secure.

Affected Version(s)

After Effects 0 <= 24.6.2

References

https://helpx.adobe.com/security/products/after_effects/a...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2024