Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
History

Thu, 12 Dec 2024 17:30:00 +0000

Type Values Removed Values Added
Description Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Mon, 16 Sep 2024 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Microsoft
Microsoft windows
CPEs cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Microsoft
Microsoft windows

Fri, 13 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe media Encoder
CPEs cpe:2.3:a:adobe:media_encoder:*:*:*:*:*:*:*:*
Vendors & Products Adobe
Adobe media Encoder
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 13 Sep 2024 07:15:00 +0000

Type Values Removed Values Added
Description Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Media Encoder | Out-of-bounds Read (CWE-125)
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2024-09-13T07:00:17.433Z

Updated: 2024-12-12T17:26:59.468Z

Reserved: 2024-07-22T17:16:40.942Z

Link: CVE-2024-41871

cve-icon Vulnrichment

Updated: 2024-09-13T14:09:34.023Z

cve-icon NVD

Status : Modified

Published: 2024-09-13T07:15:04.097

Modified: 2024-12-12T18:15:24.320

Link: CVE-2024-41871

cve-icon Redhat

No data.