CVE-2020-24418 HIGH

CVE-2020-24418: Adobe After Effects Out-of-Bounds Read Vulnerability

Vendor Adobe
Product After Effects
Weakness CWE-125
Published October 21, 2020
Last update September 16, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Adobe After Effects version 17.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .aepx file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit.

Key dates

02Disclosure timeline

October 21, 2020 CVE published
September 16, 2024 Record updated