Severity
Medium
Analysis Summary
CVE-2023-48632 CVSS: 7.8
Adobe After Effects could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-48633 CVSS: 7.8
Adobe After Effects could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-48634 CVSS: 7.8
Adobe After Effects could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation. By persuading a victim to open a specially crafted document, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-48635 CVSS: 3.3
Adobe After Effects could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.
Impact
- Code Execution
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-48632
- CVE-2023-48633
- CVE-2023-48634
- CVE-2023-48635
Affected Vendors
Adobe
Affected Products
- Adobe After Effects 24.0.3
- Adobe After Effects 23.6.0
Remediation
Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.