Out-of-Bounds Read Vulnerability in After Effects by Adobe
CVE-2024-47446

5.5MEDIUM

Key Information:

Vendor: Adobe
Status: After Effects
Vendor: CVE Published:; 12 November 2024

Summary

Adobe After Effects versions 23.6.9 and 24.6.2 are susceptible to an out-of-bounds read vulnerability that could enable the disclosure of sensitive memory. This flaw allows attackers to bypass essential protection measures, including Address Space Layout Randomization (ASLR). Exploiting this vulnerability necessitates user interaction, as it requires the user to open a specially crafted malicious file, thereby putting their sensitive information at risk.

References

https://helpx.adobe.com/security/products/after_effects/a...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024