OpenCVE

Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Adobe	Lightroom

Configuration 1 [-]

OR	cpe:2.3:a:adobe:lightroom::::::::
	cpe:2.3:a:adobe:lightroom:::::classic:::*
	cpe:2.3:a:adobe:lightroom:::::classic:::*

No data.

References

Link	Providers
https://helpx.adobe.com/security/products/lightroom/apsb24-78.html

History

Fri, 18 Oct 2024 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Adobe Adobe lightroom
CPEs		cpe:2.3:a:adobe:lightroom:::::::: cpe:2.3:a:adobe:lightroom:::::classic:::*
Vendors & Products		Adobe Adobe lightroom

Wed, 09 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 09 Oct 2024 09:45:00 +0000

Type	Values Removed	Values Added
Description		Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title		Lightroom Desktop \| Out-of-bounds Read (CWE-125)
Weaknesses		CWE-125
References		https://helpx.adobe.com/security/products/lightroom/apsb24-78.html
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2024-10-09T09:42:08.760Z

Updated: 2024-10-09T13:19:21.497Z

Reserved: 2024-08-21T23:00:59.351Z

Link: CVE-2024-45145

Vulnrichment

Updated: 2024-10-09T13:19:15.400Z

NVD

Status : Analyzed

Published: 2024-10-09T10:15:03.283

Modified: 2024-10-18T14:26:54.053

Link: CVE-2024-45145

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45145", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2024-08-21T23:00:59.351Z", "datePublished": "2024-10-09T09:42:08.760Z", "dateUpdated": "2024-10-09T13:19:21.497Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Lightroom Desktop", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "12.5.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2024-10-08T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2024-10-09T09:42:08.760Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/lightroom/apsb24-78.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Lightroom Desktop | Out-of-bounds Read (CWE-125)"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-09T13:16:58.845375Z", "id": "CVE-2024-45145", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T13:19:21.497Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45145", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-09T13:16:58.845375Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T13:19:15.400Z"}}], "cna": {"title": "Lightroom Desktop | Out-of-bounds Read (CWE-125)", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "modifiedScope": "UNCHANGED", "temporalScore": 5.5, "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "temporalSeverity": "MEDIUM", "availabilityImpact": "NONE", "environmentalScore": 5.5, "privilegesRequired": "NONE", "exploitCodeMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "LOCAL", "confidentialityImpact": "HIGH", "environmentalSeverity": "MEDIUM", "availabilityRequirement": "NOT_DEFINED", "modifiedIntegrityImpact": "NONE", "modifiedUserInteraction": "REQUIRED", "modifiedAttackComplexity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAvailabilityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedConfidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Adobe", "product": "Lightroom Desktop", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "12.5.1"}], "defaultStatus": "affected"}], "datePublic": "2024-10-08T17:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/lightroom/apsb24-78.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2024-10-09T09:42:08.760Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45145", "state": "PUBLISHED", "dateUpdated": "2024-10-09T13:19:21.497Z", "dateReserved": "2024-08-21T23:00:59.351Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2024-10-09T09:42:08.760Z", "assignerShortName": "adobe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:lightroom:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EAD0BC0-5BCC-4CA7-AAB3-058D6DE2053F", "versionEndExcluding": "7.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:lightroom:*:*:*:*:classic:*:*:*", "matchCriteriaId": "FAE977B5-7EAE-4278-896B-87DCF8089996", "versionEndExcluding": "12.5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:lightroom:*:*:*:*:classic:*:*:*", "matchCriteriaId": "C6FFB5C3-F6BA-4AB3-BFB1-B9F3ED4E408F", "versionEndExcluding": "13.5.1", "versionStartIncluding": "13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}, {"lang": "es", "value": "Las versiones 7.4.1, 13.5, 12.5.1 y anteriores de Lightroom Desktop se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."}], "id": "CVE-2024-45145", "lastModified": "2024-10-18T14:26:54.053", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@adobe.com", "type": "Primary"}]}, "published": "2024-10-09T10:15:03.283", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/lightroom/apsb24-78.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "psirt@adobe.com", "type": "Primary"}]}