CVE-2024-20739: 
Adobe Audition vulnerability analysis and mitigation

A Heap-based Buffer Overflow vulnerability (CVE-2024-20739) affects Adobe Audition versions 24.0.3, 23.6.2 and earlier. The vulnerability was discovered in late 2023 and publicly disclosed on February 13, 2024. This security flaw could potentially allow arbitrary code execution in the context of the current user, requiring user interaction through opening a malicious file (Adobe Advisory, ZDI Advisory).

The vulnerability exists within the parsing of AVI files and stems from improper validation of user-supplied data length before copying it to a fixed-length heap-based buffer. It has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-122 (Heap-based Buffer Overflow) by Adobe and CWE-787 (Out-of-bounds Write) by NIST (ZDI Advisory, NVD).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. The high CVSS score indicates potential severe impacts on system confidentiality, integrity, and availability (ZDI Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Audition installations to versions newer than 24.0.3 and 23.6.2 (Adobe Advisory).