CVE-2024-20790: Adobe Dimension Memory Corruption Out-of-Bounds-READ Vulnerability I, when parsing FBX file
First published: Wed Aug 14 2024(Updated: )
Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Dimension | <=3.4.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-20790?
CVE-2024-20790 is classified as a medium severity vulnerability due to potential unauthorized memory disclosure.
How do I fix CVE-2024-20790?
To mitigate CVE-2024-20790, users should upgrade to Adobe Dimension version 3.4.12 or later.
What are the potential impacts of exploiting CVE-2024-20790?
Exploitation of CVE-2024-20790 could allow an attacker to disclose sensitive memory and bypass security measures like ASLR.
Which versions of Adobe Dimension are affected by CVE-2024-20790?
CVE-2024-20790 affects Adobe Dimension versions 3.4.11 and earlier.
Does CVE-2024-20790 require user interaction for exploitation?
Yes, exploitation of CVE-2024-20790 requires user interaction.
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/adobe
- canonical/adobe dimension
- version/adobe dimension/3.4.11