Media Encoder | Out-of-bounds Write (CWE-787)
CVE-2024-49553

7.8HIGH

Key Information:

Vendor: Adobe
Status: Media Encoder
Vendor: CVE Published:; 10 December 2024

Summary

Adobe Media Encoder versions 25.0, 24.6.3, and earlier are susceptible to an out-of-bounds write vulnerability. This flaw could lead to arbitrary code execution, allowing an attacker to execute malicious code within the context of the affected user. Exploitation necessitates user interaction, as it requires the target to open a specially crafted file. Users are encouraged to avoid opening files from untrusted sources and to update their software to the latest versions to mitigate the risk associated with this vulnerability.

Affected Version(s)

Media Encoder 0 <= 24.6.3

References

https://helpx.adobe.com/security/products/media-encoder/a...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024