Back

CVE-2024-41867

Sept. 13, 2024, 5:27 p.m.

Analyzed
CVE has been recently published to the CVE List and has been received by the NVD.

Products

After Effects

  • 23.6.6
  • 24.5 and earlier

after_effects

  • *

macos

  • -

windows

  • -

Source

psirt@adobe.com

Tags

CWE-787
CWE-121
psirt@adobe.com
CWE-119
2024-09-13
CVE-2024-41867

CVE-2024-41867 details

Published : Sept. 13, 2024, 9:15 a.m.
Last Modified : Sept. 13, 2024, 5:27 p.m.

Description

After Effects versions 23.6.6, 24.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could lead to arbitrary file system write operations. An attacker could leverage this vulnerability to modify or corrupt files, potentially leading to a compromise of system integrity. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Score

1 2 3 4 5.5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
CWE-121 Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787 Out-of-bounds Write The product writes data past the end, or before the beginning, of the intended buffer.

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

5.5

Exploitability Score

1.8

Impact Score

3.6

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

URL Source
https://helpx.adobe.com/security/products/after_effects/apsb24-55.html psirt@adobe.com

CPEs

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a adobe after_effects / / / / / / / /
a adobe after_effects / / / / / / / /
o apple macos - / / / / / / /
o microsoft windows - / / / / / / /
This website uses the NVD API, but is not approved or certified by it.