CVE-2020-24418 — Out-of-bounds Read in Adobe After Effects

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

7.8HIGHNVD

EPSS

2.4%

top 14.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe After Effects

Timeline

PublishedOct 21

Latest updateMay 24

Description

Adobe After Effects version 17.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .aepx file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5adobe/after_effectsunspecified — 17.1.1+1

▶NVDadobe/after_effects17.1.1

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-73gv-jg38-6pvm: Adobe After Effects version 17↗2022-05-24

▶

CVEList

Adobe After Effects Out-of-Bounds Read Vulnerability↗2020-10-21

▶