First published: Thu Nov 16 2023(Updated: )
Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|Affected Software||Affected Version||How to fix|
|Adobe Media Encoder||<=23.6.0|
|Adobe Media Encoder||>=24.0.0<=24.0.2|
CVE-2023-47040 is a vulnerability in Adobe Media Encoder that allows for remote code execution due to an out-of-bounds read vulnerability.
Adobe Media Encoder version 24.0.2 and earlier, as well as version 23.6 and earlier, are affected by CVE-2023-47040.
An attacker can exploit CVE-2023-47040 by crafting a file that triggers the out-of-bounds read vulnerability, which could allow them to execute code in the context of the application.
The severity of CVE-2023-47040 is high, with a severity value of 7.8.
No, Apple macOS and Microsoft Windows are not affected by CVE-2023-47040.
To fix the CVE-2023-47040 vulnerability in Adobe Media Encoder, update to version 23.6.0 or later for versions prior to 24.0.0, or update to version 24.0.2 or later for versions between 24.0.0 and 24.0.2.