Lucene search

AdobeCVELIST:CVE-2024-34117

HistoryAug 14, 2024 - 2:58 p.m.

CVE-2024-34117 Adobe Photoshop 2024 MPO File Parsing Use-After-Free vulnerability

2024-08-1414:58:55

CWE-416

adobe

www.cve.org

adobe photoshop

mpo file parsing

use-after-free

vulnerability

desktop versions

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.3%

JSON

Photoshop Desktop versions 24.7.3, 25.9.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Photoshop Desktop",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "25.9.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

helpx.adobe.com/security/products/photoshop/apsb24-49.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.3%

JSON

Related for CVELIST:CVE-2024-34117