CVE-2020-9744

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

7.1HIGH

EPSS

1.6%

top 18.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Media Encoder

Timeline

PublishedSep 18

Latest updateMay 24

Description

Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:LExploitability: 1.8 | Impact: 4.2

Affected Packages2 packages

▶CVEListV5adobe/media_encoderunspecified — 14.3.2+1

▶NVDadobe/media_encoder14.3.2

🔴Vulnerability Details

GHSA

GHSA-j5pg-5f9j-cc85: Adobe Media Encoder version 14↗2022-05-24

▶

CVEList

Adobe Media Encoder WMV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability↗2020-09-18

▶