Adobe Security Vulnerabilities (CVEs)

CVE-2024-49513 is an out-of-bounds write vulnerability in Adobe PDFL SDK that could allow arbitrary code execution when a user opens a malicious PDF f...

Adobe Illustrator versions 29.0.0, 28.7.2 and earlier contain an out-of-bounds write vulnerability that could allow attackers to execute arbitrary cod...

A stack-based buffer overflow vulnerability in Adobe InDesign allows arbitrary code execution when a user opens a malicious file. This affects users r...

Adobe Animate versions 23.0.8, 24.0.5 and earlier contain an uninitialized pointer access vulnerability that could allow arbitrary code execution when...

Adobe Media Encoder versions 25.0, 24.6.3 and earlier contain an out-of-bounds write vulnerability that allows arbitrary code execution when a user op...

This CVE describes an out-of-bounds write vulnerability in Adobe Media Encoder that could allow arbitrary code execution when a user opens a malicious...

A use-after-free vulnerability in Adobe Acrobat Reader allows arbitrary code execution when a user opens a malicious PDF file. This affects multiple v...

Adobe Acrobat Reader has an out-of-bounds read vulnerability that could allow attackers to read sensitive memory contents, potentially bypassing ASLR ...

This CVE describes an out-of-bounds read vulnerability in Adobe Acrobat Reader that could allow an attacker to read sensitive memory contents. When ex...

CVE-2024-52998 is an out-of-bounds read vulnerability in Substance3D Stager that could allow an attacker to read sensitive memory contents when a vict...

Adobe Audition versions 23.6.9, 24.4.6 and earlier contain an out-of-bounds read vulnerability that could allow attackers to read sensitive memory con...

This CVE describes a heap-based buffer overflow vulnerability in Adobe InDesign that could allow an attacker to execute arbitrary code with the privil...

Adobe InDesign has an out-of-bounds read vulnerability that could allow attackers to read sensitive memory contents when a user opens a malicious file...

This CVE describes a heap-based buffer overflow vulnerability in Adobe InDesign that could allow an attacker to execute arbitrary code on a victim's s...

CVE-2024-49519 is an out-of-bounds write vulnerability in Substance3D Painter that could allow arbitrary code execution when a user opens a malicious ...

CVE-2024-49525 is a heap-based buffer overflow vulnerability in Substance3D Painter that could allow arbitrary code execution when a user opens a mali...

CVE-2024-49515 is an untrusted search path vulnerability in Substance3D Painter that could allow attackers to execute arbitrary code by manipulating t...

CVE-2024-49517 is a heap-based buffer overflow vulnerability in Substance3D Painter that could allow arbitrary code execution when a user opens a mali...

CVE-2024-47435 is an out-of-bounds read vulnerability in Substance3D Painter that could allow an attacker to read sensitive memory contents when a vic...

Substance3D Painter versions 10.1.0 and earlier contain an out-of-bounds read vulnerability that could allow an attacker to read sensitive memory cont...

Substance3D Painter versions 10.1.0 and earlier contain a NULL pointer dereference vulnerability that allows attackers to crash the application by tri...

Substance3D Painter versions 10.1.0 and earlier contain a heap-based buffer overflow vulnerability that could allow attackers to execute arbitrary cod...

CVE-2024-47433 is an out-of-bounds write vulnerability in Adobe Substance3D Painter that could allow arbitrary code execution when a user opens a mali...

CVE-2024-47427 is an out-of-bounds write vulnerability in Adobe Substance3D Painter that could allow arbitrary code execution when a user opens a mali...

CVE-2024-47429 is an out-of-bounds write vulnerability in Adobe Substance3D Painter that could allow arbitrary code execution when a user opens a mali...

Adobe Illustrator versions 28.7.1 and earlier contain an out-of-bounds read vulnerability that could allow attackers to read sensitive memory contents...

Adobe Bridge versions 13.0.9, 14.1.2 and earlier contain a NULL pointer dereference vulnerability that allows attackers to cause denial-of-service by ...

Adobe Illustrator versions 28.7.1 and earlier contain an out-of-bounds write vulnerability that could allow attackers to execute arbitrary code when a...

Adobe Illustrator versions 28.7.1 and earlier contain an out-of-bounds read vulnerability that could allow attackers to read sensitive memory contents...

CVE-2024-47445 is an out-of-bounds read vulnerability in Adobe After Effects that could allow an attacker to read sensitive memory contents. This coul...

This CVE describes an out-of-bounds read vulnerability in Adobe Audition that could allow an attacker to read sensitive memory contents. When exploite...

Adobe Illustrator versions 28.7.1 and earlier contain a heap-based buffer overflow vulnerability that could allow arbitrary code execution when a user...

CVE-2024-45147 is an out-of-bounds read vulnerability in Adobe Bridge that could allow an attacker to read sensitive memory, potentially bypassing ASL...

CVE-2024-47441 is an out-of-bounds write vulnerability in Adobe After Effects that could allow arbitrary code execution when a user opens a malicious ...

CVE-2024-47443 is an out-of-bounds write vulnerability in Adobe After Effects that could allow arbitrary code execution when a user opens a malicious ...

Adobe Animate versions 23.0.7, 24.0.4 and earlier contain an out-of-bounds read vulnerability that could allow attackers to read sensitive memory cont...

Adobe Animate versions 23.0.7, 24.0.4 and earlier contain an out-of-bounds write vulnerability that could allow attackers to execute arbitrary code on...

Adobe Commerce versions 3.2.5 and earlier contain a Server-Side Request Forgery (SSRF) vulnerability that allows low-privileged attackers to send craf...

Adobe Experience Manager versions 6.5.20 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability where attackers can inject malicious sc...

CVE-2024-49522 is an out-of-bounds write vulnerability in Substance3D Painter that allows arbitrary code execution when a user opens a malicious file....

CVE-2024-47459 is a NULL pointer dereference vulnerability in Substance3D Sampler that allows attackers to cause a denial-of-service by crashing the a...

CVE-2024-45132 is an improper authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security controls and escal...

CVE-2024-45148 is an improper authentication vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security features and gain...

This CVE describes an Improper Authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures. The vul...

This CVE describes an Improper Access Control vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures. Affect...

This reflected Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows attackers to execute malicious JavaScript in victims' browsers by tri...

Adobe Commerce has an incorrect authorization vulnerability that allows low-privileged attackers to bypass security features and potentially modify da...

This CVE describes an Improper Input Validation vulnerability in Adobe Commerce that allows authenticated admin attackers to read arbitrary files from...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce that allows authenticated administrators to force the applicat...

CVE-2024-45121 is an Improper Access Control vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security features. This af...