CVE-2020-9749: Out-of-bounds read vulnerability in Adobe Animate 20.5
First published: Wed Oct 21 2020(Updated: )
Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Animate | <=20.5 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is Adobe Animate version 20.5 (and earlier) affected by?
Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability.
What is the potential impact of this vulnerability?
This vulnerability could result in arbitrary code execution in the context of the current user.
How can this vulnerability be exploited?
Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate.
What is the severity of CVE-2020-9749?
The severity of this vulnerability is critical with a CVSS score of 7.8.
Is Microsoft Windows affected by this vulnerability?
No, Microsoft Windows is not vulnerable to this specific vulnerability.
How can I fix this vulnerability?
Update to a version of Adobe Animate that is not affected by this vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/title
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/tags
- vendor/adobe
- canonical/adobe animate
- version/adobe animate/20.5
- vendor/microsoft
- canonical/microsoft windows