CVE-2022-24096 Adobe After Effects Heap-based Buffer Overflow Arbitrary code execution

🗓️ 11 Mar 2022 17:54:32Reported by adobeType

Adobe After Effects 22.2 and 18.4.4 Heap-based Buffer Overflow vulnerability

Reporter	Title	Published	Views	Family All 14
Tenable Nessus	Adobe After Effects < 18.4.5 / 22.0 < 22.2.1 Arbitrary Code Execution (APSB22-17) (deprecated)	10 Mar 202200:00	–	nessus
Tenable Nessus	Adobe After Effects < 18.4.5 / 22.0 < 22.2.1 Arbitrary Code Execution (APSB22-17)	27 Apr 202300:00	–	nessus
Tenable Nessus	Adobe After Effects < 18.4.5 / 22.0.0 < 22.2.1 Multiple Arbitrary code execution (APSB22-17) (macOS)	21 Oct 202400:00	–	nessus
BDU FSTEC	The vulnerability of Adobe After Effects’ video and dynamic image editing software lies in buffer overflows in the stack, allowing attackers to execute arbitrary code.	25 Apr 202200:00	–	bdu_fstec
Circl	CVE-2022-24096	11 Mar 202220:15	–	circl
CNNVD	Adobe After Effects 缓冲区错误漏洞	9 Mar 202200:00	–	cnnvd
CNVD	Adobe After Effects Buffer Overflow Vulnerability (CNVD-2022-22095)	14 Mar 202200:00	–	cnvd
CVE	CVE-2022-24096	11 Mar 202217:54	–	cve
EUVD	EUVD-2022-29008	3 Oct 202520:07	–	euvd
hivepro	Weekly Threat Digest: 7 – 13 March 2022	14 Mar 202216:24	–	hivepro

[
  {
    "product": "After Effects",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "22.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "18.4.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "None",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
helpx	www.helpx.adobe.com/security/products/after_effects/apsb22-17.html

11 Mar 2022 17:54Current

7.9High risk

Vulners AI Score7.9

CVSS 3.17.8

EPSS0.01135

CWE-122