First published: Fri Sep 13 2024(Updated: )
Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Any of | ||
Adobe Media Encoder 2022 | <23.6.9 | |
Adobe Media Encoder 2022 | >=24.0<24.6 | |
Any of | ||
Apple iOS and macOS | ||
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-41870 has been classified as a significant security vulnerability due to its potential for sensitive information disclosure.
To remediate CVE-2024-41870, users should update Adobe Media Encoder to version 23.6.9 or later, or to version 24.6 or later.
CVE-2024-41870 is an out-of-bounds read vulnerability that may allow attackers to bypass security mitigations.
CVE-2024-41870 affects Adobe Media Encoder versions 24.5, 23.6.8, and earlier.
Yes, exploitation of CVE-2024-41870 requires user interaction.