CVE-2023-22236: Adobe Animate Heap-based Buffer Overflow Arbitrary code execution
First published: Fri Feb 17 2023(Updated: )
Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Animate | >=22.0.0<=22.0.8 | |
| Adobe Animate | =23.0.0 | |
| Apple macOS | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Adobe Animate vulnerability?
The vulnerability ID for this Adobe Animate vulnerability is CVE-2023-22236.
Which versions of Adobe Animate are affected by this vulnerability?
Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by this vulnerability.
What is the severity rating of CVE-2023-22236?
The severity rating of CVE-2023-22236 is high with a score of 7.8.
What is the impact of this vulnerability?
This vulnerability could result in arbitrary code execution in the context of the current user.
How can this vulnerability be exploited?
Exploitation of this vulnerability requires user interaction in that a victim must open a malicious file.
Is Apple macOS or Microsoft Windows affected by this vulnerability?
No, Apple macOS and Microsoft Windows are not affected by this vulnerability.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following link: [Adobe Security Bulletin APSB23-15](https://helpx.adobe.com/security/products/animate/apsb23-15.html).
What are the Common Weakness Enumeration (CWE) IDs associated with this vulnerability?
The Common Weakness Enumeration (CWE) IDs associated with this vulnerability are CWE-119, CWE-787, and CWE-122.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/adobe
- canonical/adobe animate
- version/adobe animate/22.0.0
- version/adobe animate/22.0.8
- version/adobe animate/23.0.0
- vendor/apple
- canonical/apple macos
- vendor/microsoft
- canonical/microsoft windows