CVE-2024-20739— ZDI-CAN-22647: Adobe Audition AVI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

CVSS 7.8 · High EPSS 0.19% · P41 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-20739

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

ZDI-CAN-22647: Adobe Audition AVI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

堆缓冲区溢出

Source: NVD (National Vulnerability Database)

Vulnerability Title

Adobe Audition 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Adobe Audition是美国奥多比（Adobe）公司的一套多音轨编辑工具。该产品主要使用包含多音轨、波形和光谱显示的完善工具集对音频内容进行混音、编辑和创建等。 Adobe Audition 24.0.3 版本和 23.6.2 版本之前存在安全漏洞，该漏洞源于存在基于堆的缓冲区溢出漏洞的影响，该漏洞可能导致在当前用户的上下文中执行任意代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Adobe	Audition	0 ~ 23.6.2	-

II. Public POCs for CVE-2024-20739

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-20739

请登录查看更多情报信息。

Same Patch Batch · Adobe · 2024-02-15 · 30 CVEs total

CVE-2024-20738	9.8 CRITICAL	Adobe FrameMaker Publishing Server Authentication Bypass Vulnerability \| CVE-2023-44324 by
CVE-2024-20719	9.1 CRITICAL	[Adobe Commerce] Stored XSS from low privileged admin user on every admin page, bypassing
CVE-2024-20720	9.1 CRITICAL	Command injection in data collector backup due to insufficient patching of CVE-2023-38208
CVE-2024-20727	7.8 HIGH	[TianfuCup] out-of-bounds access vulnerability when parsing jpeg2000
CVE-2024-20744	7.8 HIGH	Adobe Substance 3D Paint PICT Parsing Access Violation Write Vulnerability
CVE-2024-20729	7.8 HIGH	TALOS-2023-1890 - Adobe Acrobat Reader Annot3D object zoom event use-after-free vulnerabi
CVE-2024-20743	7.8 HIGH	Adobe Substance 3D Paint PSD Parsing Out-Of-Bounds Write Vulnerability
CVE-2024-20728	7.8 HIGH	ZDI-CAN-22727: Adobe Acrobat Pro DC Annotation Out-Of-Bounds Write Remote Code Execution V
CVE-2024-20740	7.8 HIGH	Adobe Substance 3D Paint PSD Parsing Out-Of-Bounds Write Vulnerability
CVE-2024-20742	7.8 HIGH	Adobe Substance 3D Paint RAS File Parsing Out-Of-Bounds Read Vulnerability
CVE-2024-20741	7.8 HIGH	Adobe Substance 3D Paint ICO Parsing Access Violation Write Vulnerability
CVE-2024-20731	7.8 HIGH	TALOS-2023-1901 - Adobe Acrobat Reader FileAttachment PDAnnot destroy use-after-free vulne
CVE-2024-20730	7.8 HIGH	TALOS-2023-1906 - Adobe Acrobat Reader Font CPAL integer overflow vulnerability
CVE-2024-20726	7.8 HIGH	[TianfuCup] JP2K Image Parsing Out-Of-Bounds Write
CVE-2024-20750	7.8 HIGH	Adobe Substance 3D Designer PICT Parsing Out-Of-Bounds Read Vulnerability
CVE-2024-20723	7.8 HIGH	Adobe Substance 3D Painter v9.0.1Build2822 Buffer Overflow Vulnerability
CVE-2024-20734	5.5 MEDIUM	ZDI-CAN-22516: Adobe Acrobat Pro DC AcroForm Use-After-Free Information Disclosure Vulnera
CVE-2024-20722	5.5 MEDIUM	Adobe Substance 3D Painter v9.0.1Build2822 OOBR Vulnerability III
CVE-2024-20724	5.5 MEDIUM	Adobe Substance 3D Painter v9.0.1Build2822 OOBR Vulnerability II
CVE-2024-20725	5.5 MEDIUM	Adobe Substance 3D Painter v9.0.1Build2822 OOBR Vulnerability I

Showing top 20 of 30 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Audition

Same vendor: Adobe

Same weakness: CWE-122

V. Comments for CVE-2024-20739

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-20739— ZDI-CAN-22647: Adobe Audition AVI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

I. Basic Information for CVE-2024-20739

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-20739

III. Intelligence Information for CVE-2024-20739

Same Patch Batch · Adobe · 2024-02-15 · 30 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-20739

Leave a comment