Animate | Integer Underflow (Wrap or Wraparound) (CWE-191)
CVE-2024-53954

7.8HIGH

Key Information:

Vendor: Adobe
Status: Animate
Vendor: CVE Published:; 10 December 2024

Summary

Adobe Animate versions 23.0.8, 24.0.5, and earlier are susceptible to an Integer Underflow vulnerability, which may allow attackers to execute arbitrary code within the context of a user. The exploitation of this vulnerability necessitates user interaction, as it requires the victim to open a specially crafted malicious file. This weakness stresses the importance of caution when handling unknown file sources to mitigate potential risks.

Affected Version(s)

Animate 0 <= 24.0.5

References

https://helpx.adobe.com/security/products/animate/apsb24-...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024