First published: Thu Nov 16 2023(Updated: )
Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|Affected Software||Affected Version||How to fix|
|Adobe Media Encoder||<=23.6.0|
|Adobe Media Encoder||>=24.0.0<=24.0.2|
The vulnerability ID is CVE-2023-47043.
Adobe Media Encoder versions 24.0.2 and earlier, and 23.6 and earlier, are affected.
The severity of CVE-2023-47043 is high with a CVSS score of 7.8.
This vulnerability occurs due to an out-of-bounds read when parsing a crafted file.
The vulnerability could result in a read past the end of an allocated memory structure and could be leveraged by an attacker to execute remote code.
No, Apple macOS and Microsoft Windows are not vulnerable to this specific vulnerability.
You can find more information about this vulnerability at the following reference link: [Adobe Security Bulletin APSB23-63](https://helpx.adobe.com/security/products/media-encoder/apsb23-63.html).