Lightroom
CVE-2020-24447
HIGH
Severity by source
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from Vendor (adobe) · only source for this CVE.
CVSS VectorVendor: adobe
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.
Technical ContextAI
This vulnerability is classified under CWE-427. Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Affected products include: Adobe Lightroom. Version information: version 10.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Lightroom Desktop versions 8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arb
Arbitrary code execution in Adobe Lightroom Desktop 15.1 and earlier via an out-of-bounds write vulnerability when users
Lightroom Desktop versions 7.1.2 and earlier are affected by an Untrusted Search Path vulnerability that could result in
Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library loading vulnerability. Rated high severity (CVSS
Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that coul
Same weakness CWE-427 – Uncontrolled Search Path Element
View allShare
External POC / Exploit Code
Leaving vuln.today