Vulnerability

CERT-In Vulnerability Note CIVN-2024-0346
Multiple Vulnerabilities in Adobe Products

Original Issue Date:November 25, 2024

Severity Rating: HIGH

Software Affected

Adobe Bridge 13.0.9 and earlier versions
Adobe Bridge 14.1.2 and earlier versions
Adobe Audition 24.4.6 and earlier versions
Adobe Audition 23.6.9 and earlier versions
Adobe After Effects 24.6.2 and earlier versions
Adobe After Effects 23.6.9 and earlier versions
Adobe Substance 3D Painter 10.1.0 and earlier versions
Illustrator 2024 28.7.1 and earlier versions
Adobe InDesign ID19.5 and earlier versions
Adobe InDesign ID18.5.3 and earlier versions
Adobe InDesign ID18.5.2 and earlier versions
Photoshop 2023 24.7.3 and earlier versions
Photoshop 2024 25.11 and earlier versions
Adobe Commerce and Magento Open Source powered by Commerce Services and deployed as SaaS (Commerce Services Connector) 3.2.5 and earlier versions

Overview

Multiple Vulnerabilities have been reported in Adobe products which could be exploited by an attacker to execute arbitrary code, access sensitive data, and cause denial of service (DoS) condition on the targeted system.

Target audience:
System administrators, Security teams or end-users of Adobe creative software products.

Risk assessment:
High risk unauthorized access to sensitive data and system instability.

Impact assessment:
Potential for access to sensitive data, data modification, manipulation and service disruption.

Description

Multiple vulnerabilities exist in Adobe Products due to use after free errors, out-of-bounds write, out-of-bounds read issues, NULL Pointer Dereference, Heap-based Buffer Overflow, Integer Underflow (Wrap or Wraparound), Server-Side Request Forgery, Double Free and Untrusted Search Path.

Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code, access sensitive data, memory leak and cause denial of service (DoS) condition on the targeted system.

Solution

Apply appropriate software updates as mentioned in the Adobe Security Bulletin:
https://helpx.adobe.com/security.html

Vendor Information

References

CVE Name
CVE-2024-45147
CVE-2024-47458
CVE-2024-47449
CVE-2024-47441
CVE-2024-47442
CVE-2024-47443
CVE-2024-47444
CVE-2024-47445
CVE-2024-47446
CVE-2024-49525
CVE-2024-49519
CVE-2024-47426
CVE-2024-47427
CVE-2024-47428
CVE-2024-47429
CVE-2024-47430
CVE-2024-49515
CVE-2024-49516
CVE-2024-47431
CVE-2024-49517
CVE-2024-47432
CVE-2024-49518
CVE-2024-49520
CVE-2024-47433
CVE-2024-47434
CVE-2024-47435
CVE-2024-47436
CVE-2024-47437
CVE-2024-47438
CVE-2024-47439
CVE-2024-47440
CVE-2024-45114
CVE-2024-47450
CVE-2024-47451
CVE-2024-47452
CVE-2024-47453
CVE-2024-47454
CVE-2024-47455
CVE-2024-47456
CVE-2024-47457
CVE-2024-49508
CVE-2024-49509
CVE-2024-49510
CVE-2024-49511
CVE-2024-49512
CVE-2024-49514
CVE-2024-49521

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-22902657

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India