CVE-2024-34117

CWE-416 — Use After Free3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 68.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Photoshop Adobe Photoshop Desktop

Timeline

PublishedAug 14

Description

Photoshop Desktop versions 24.7.3, 25.9.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5adobe/photoshop_desktop25.9.1

▶NVDadobe/photoshop24.2 — 24.7.4+1

🔴Vulnerability Details

GHSA

GHSA-j37c-74rm-9vvc: Photoshop Desktop versions 24↗2024-08-14

▶

CVEList

Adobe Photoshop 2024 MPO File Parsing Use-After-Free vulnerability↗2024-08-14

▶