CVE-2024-45145: Lightroom Desktop | Out-of-bounds Read (CWE-125)
First published: Wed Oct 09 2024(Updated: )
Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Lightroom | <7.5 | |
| Adobe Lightroom | <12.5.1 | |
| Adobe Lightroom | >=13.0<13.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-45145?
CVE-2024-45145 has a high severity rating due to its potential impact on sensitive memory disclosure.
How do I fix CVE-2024-45145?
To fix CVE-2024-45145, users should update their Adobe Lightroom to version 7.5 or later for desktop and 12.5.1 or later for Lightroom Classic.
Which versions of Adobe Lightroom are affected by CVE-2024-45145?
CVE-2024-45145 affects Lightroom Desktop versions 7.4.1, 13.5, and 12.5.1 and earlier.
Can CVE-2024-45145 be exploited remotely?
CVE-2024-45145 exploitation requires user interaction, making it less likely to be exploited remotely without user action.
What data is at risk due to CVE-2024-45145?
CVE-2024-45145 may lead to the disclosure of sensitive data stored in memory.
- agent/title
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/adobe
- canonical/adobe lightroom
- version/adobe lightroom/13.0