Character Animator
CVE-2022-34242
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from Vendor (adobe) · only source for this CVE.
CVSS VectorVendor: adobe
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Adobe Character Animator version 4.4.7 (and earlier) and 22.4 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Adobe Character Animator version 4.4.7 (and earlier) and 22.4 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Adobe Character Animator version 4.4.7 (and earlier) and 22.4 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Affected products include: Adobe Character Animator. Version information: version 4.4.7.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
More in Character Animator
View allAdobe Character Animator version 4.4.7 (and earlier) and 22.4 (and earlier) are affected by a Heap-based Buffer Overflow
Adobe Character Animator versions 4.4.2 (and earlier) and 22.3 (and earlier) are affected by an out-of-bounds write vuln
Adobe Character Animator version 4.2 (and earlier) is affected by a memory corruption vulnerability when parsing a speci
Adobe Character Animator versions 3.2 and earlier have a buffer overflow vulnerability. Rated high severity (CVSS 7.8),
Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Rated
Adobe Character Animator version 4.2 (and earlier) is affected by an out-of-bounds Read vulnerability when parsing a spe
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today