First published: Fri Nov 17 2023(Updated: )
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|Affected Software||Affected Version||How to fix|
|Adobe After Effects||>=23.0<=23.6|
|Adobe After Effects||>=24.0<24.0.2|
The vulnerability ID for this Adobe After Effects issue is CVE-2023-47072.
The severity of CVE-2023-47072 is low.
Adobe After Effects versions 24.0.2 (and earlier) and 23.6 (and earlier) are affected by CVE-2023-47072.
This vulnerability can be exploited by leveraging the Access of Uninitialized Pointer vulnerability to disclose sensitive memory.
No, Apple macOS and Microsoft Windows are not affected by CVE-2023-47072.
You can find more information about CVE-2023-47072 at the following link: [Adobe Security Bulletin APSB23-66](https://helpx.adobe.com/security/products/after_effects/apsb23-66.html)