Audition
CVE-2024-39378
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from Vendor (adobe) · only source for this CVE.
CVSS VectorVendor: adobe
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Affected products include: Adobe Audition.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
Arbitrary code execution in Adobe Audition 25.3 and earlier through a local out-of-bounds write vulnerability that requi
Arbitrary code execution in Adobe Audition arises from an out-of-bounds write (CWE-787) triggered when a victim opens a
Arbitrary code execution in Adobe Audition arises from an out-of-bounds write (CWE-787) triggered when a victim opens a
Arbitrary code execution in Adobe Audition arises from an out-of-bounds write (memory corruption) that runs in the conte
Arbitrary code execution in Adobe Audition arises from an out-of-bounds write (CWE-787) triggered when a victim opens a
Arbitrary code execution in Adobe Audition arises from an out-of-bounds write (CWE-787) triggered when a user opens a ma
Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could resul
Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vu
Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.8), th
Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.8), th
Adobe Audition versions 25.3 and earlier contain an out-of-bounds read vulnerability that exposes sensitive data from ap
Memory disclosure in Adobe Audition 25.3 and earlier through an out-of-bounds read vulnerability allows attackers to acc
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today