After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Metrics
Affected Vendors & Products
References
History
Thu, 14 Nov 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apple
Apple macos Microsoft Microsoft windows |
|
CPEs | cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
Vendors & Products |
Apple
Apple macos Microsoft Microsoft windows |
Tue, 12 Nov 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Adobe
Adobe after Effects |
|
CPEs | cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:* | |
Vendors & Products |
Adobe
Adobe after Effects |
|
Metrics |
ssvc
|
Tue, 12 Nov 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
Title | After Effects | Out-of-bounds Read (CWE-125) | |
Weaknesses | CWE-125 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: adobe
Published: 2024-11-12T18:20:17.216Z
Updated: 2024-11-12T20:05:21.402Z
Reserved: 2024-09-24T17:40:22.373Z
Link: CVE-2024-47446
Vulnrichment
Updated: 2024-11-12T19:58:05.160Z
NVD
Status : Analyzed
Published: 2024-11-12T19:15:14.377
Modified: 2024-11-14T19:10:24.197
Link: CVE-2024-47446
Redhat
No data.