CVE-2023-48632: 
Adobe After Effects vulnerability analysis and mitigation

Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds write vulnerability identified as CVE-2023-48632. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was publicly disclosed on December 14, 2023. This security flaw affects Adobe After Effects software running on both Windows and macOS operating systems (ZDI Advisory, NVD).

The vulnerability is classified as an out-of-bounds write vulnerability (CWE-787) that specifically occurs during the parsing of AEP files. The issue stems from inadequate validation of user-supplied data, which can result in a write operation past the end of an allocated object. The vulnerability has received a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI Advisory).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. The impact is considered high as it could potentially allow attackers to execute malicious code with the same privileges as the affected application (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe After Effects (24.1) to mitigate this security risk (Adobe Advisory).