Analysis Summary

CVE-2024-41872 CVSS:5.5

Adobe Media Encoder could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-45111 CVSS:5.5

Adobe Illustrator could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-45107 CVSS:5.5

Adobe Acrobat and Adobe Reader could allow a remote attacker to obtain sensitive information, caused by a use-after-free error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

Impact

• Information Disclosure

Indicators of Compromise

CVE

• CVE-2024-41872
• CVE-2024-45111
• CVE-2024-45107

Affected Vendors

Affected Products

• Adobe Illustrator 2023 - 27.9.5
• Adobe Illustrator 2024 - 28.6
• Adobe Media Encoder 24.5
• Adobe Media Encoder 23.6.8
• Adobe Acrobat Reader - 0
• Adobe Media Encoder - 0
• Adobe Illustrator - 0
• Adobe Acrobat DC - 24.002.20991
• Adobe Acrobat 2024 - 24.001.30123
• Adobe Acrobat Reader 2020 - 20.005.30636
• Adobe Acrobat 2020 - 20.005.30636

Remediation

Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.

CVE-2024-41872

CVE-2024-45111

CVE-2024-45107