Media Encoder | Heap-based Buffer Overflow (CWE-122)
CVE-2024-49552

7.8HIGH

Key Information:

Vendor: Adobe
Status: Media Encoder
Vendor: CVE Published:; 10 December 2024

Summary

Adobe Media Encoder, including versions 25.0 and 24.6.3 and earlier, contains a heap-based buffer overflow vulnerability. This vulnerability allows an attacker to execute arbitrary code in the context of the current user by manipulating and opening a malicious file. Successful exploitation of this vulnerability is contingent upon the user opening the malicious file, which poses a significant risk to system security and could lead to unauthorized access and manipulation of system resources.

Affected Version(s)

Media Encoder 0 <= 24.6.3

References

https://helpx.adobe.com/security/products/media-encoder/a...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024