Request a Demo
Rewterz
Multiple Cisco Products Vulnerabilities
September 17, 2024
Rewterz
Multiple Linux Kernel Vulnerabilities
September 17, 2024

Multiple Adobe Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-39395 CVSS:5.5

Adobe InDesign is vulnerable to a denial of service, caused by a NULL pointer dereference. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-41866 CVSS:5.5

Adobe InDesign is vulnerable to a denial of service, caused by a NULL pointer dereference. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-45110 CVSS:5.5

Adobe Photoshop could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-41867 CVSS:5.5

Adobe After Effects could allow a remote attacker to obtain sensitive information, caused by a stack-based buffer overflow. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-43759 CVSS:3.3

Adobe Illustrator is vulnerable to a denial of service, caused by a NULL pointer dereference. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-41873 CVSS:5.5

Adobe Media Encoder could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-39385 CVSS:3.3

Adobe Premiere Pro could allow a remote attacker to obtain sensitive information, caused by a use-after-free error. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

Impact

  • Denial of Service
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-39395
  • CVE-2024-41866
  • CVE-2024-45110
  • CVE-2024-41867
  • CVE-2024-43759
  • CVE-2024-41873
  • CVE-2024-39385

Affected Vendors

Adobe

Affected Products

  • Adobe InDesign Desktop - ID18.5.2
  • Adobe InDesign Desktop - ID19.4
  • Adobe Photoshop 2023 - 24.7.4
  • Adobe Photoshop 2024 - 25.11
  • Adobe After Effects - 24.5
  • Adobe After Effects - 23.6.6
  • Adobe Illustrator 2023 - 27.9.5
  • Adobe Illustrator 2024 - 28.6
  • Adobe Media Encoder 24.5
  • Adobe Media Encoder 23.6.8
  • Adobe Premiere Pro 24.5
  • Adobe Premiere Pro 23.6.8

Remediation

Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.

CVE-2024-39395

CVE-2024-41866

CVE-2024-45110

CVE-2024-41867

CVE-2024-43759

CVE-2024-41873

CVE-2024-39385