CVE-2024-45145

5.5 MEDIUM

📋 TL;DR

Lightroom Desktop has an out-of-bounds read vulnerability that could allow attackers to read sensitive memory contents when users open malicious files. This could help bypass security mitigations like ASLR. Users of Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected.

💻 Affected Systems

Products:
  • Adobe Lightroom Desktop
Versions: 7.4.1, 13.5, 12.5.1 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. Exploitation requires user interaction (opening a malicious file).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Memory disclosure enables ASLR bypass, potentially facilitating more severe attacks like remote code execution through chained exploits.

🟠 Likely Case

Information disclosure of memory contents, possibly revealing sensitive data or system information.

🟢 If Mitigated

Limited impact if users do not open untrusted files; the flaw permits memory reads only, with no write capability.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). No public exploit code known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to Lightroom Desktop 7.4.2, 13.6, or 12.5.2 or later

Vendor Advisory: https://helpx.adobe.com/security/products/lightroom/apsb24-78.html

Restart Required: Yes

Instructions:

1. Open Lightroom Desktop.
2. Go to Help > Check for Updates.
3. Follow the prompts to install the latest version.
4. Restart Lightroom after installation.

🔧 Temporary Workarounds

Avoid opening untrusted files (applies to: all)

Only open Lightroom files from trusted sources to prevent exploitation.

🧯 If You Can't Patch

  • Restrict user permissions to prevent opening untrusted files
  • Implement application whitelisting to control which files can be opened

🔍 How to Verify

Check if Vulnerable:

Check the Lightroom version under Help > About Lightroom. If the version is 7.4.1, 13.5, 12.5.1 or earlier, the installation is vulnerable.

Check Version:

In Lightroom: Help > About Lightroom

Verify Fix Applied:

After updating, verify that the version is 7.4.2, 13.6, 12.5.2 or later.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected application crashes
  • Memory access violation errors in system logs

Network Indicators:

  • No network indicators - local file-based exploit

SIEM Query:

Windows Application event log entries with Event ID 1000 or 1001 (application crash and error-reporting events) where the faulting application is Lightroom

🔗 References
