Vulnerability DatabaseCVE-2024-41872

CVE-2024-41872:
Adobe Media Encoder vulnerability analysis and mitigation

Overview

CVE-2024-41872 is an out-of-bounds read vulnerability affecting Adobe Media Encoder versions 24.5, 23.6.8 and earlier. The vulnerability was disclosed on September 13, 2024, and could lead to disclosure of sensitive memory. This vulnerability affects both Windows and macOS operating systems (NVD, Adobe Advisory).

Technical details

The vulnerability is classified as CWE-125 (Out-of-bounds Read) with a CVSS v3.1 base score of 5.5 (Medium). The attack vector is Local (L), with Low attack complexity (L), requiring No privileges (N) and User interaction (R). The scope is Unchanged (U), with High confidentiality impact (H), but No impact on integrity (N) or availability (N). The complete vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (NVD).

Impact

The vulnerability could lead to disclosure of sensitive memory and potentially allow attackers to bypass security mitigations such as ASLR (Address Space Layout Randomization). The exploitation requires user interaction, specifically opening a malicious file (NVD).

Mitigation and workarounds

Adobe has released version 23.6.9 of Media Encoder to address this vulnerability. Users are advised to update to the latest version immediately after appropriate testing. Organizations should also apply the principle of least privilege and restrict user permissions where possible (Adobe Advisory).

Additional resources

Source: This report was generated using AI

Related Adobe Media Encoder vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-27195	HIGH	7.8	Adobe Media Encoder	cpe:2.3:a:adobe:media_encoder	No	Yes	Apr 08, 2025
CVE-2025-27194	HIGH	7.8	Adobe Media Encoder	cpe:2.3:a:adobe:media_encoder	No	Yes	Apr 08, 2025
CVE-2024-49553	HIGH	7.8	Adobe Media Encoder	cpe:2.3:a:adobe:media_encoder	No	Yes	Dec 10, 2024
CVE-2024-49552	HIGH	7.8	Adobe Media Encoder	cpe:2.3:a:adobe:media_encoder	No	Yes	Dec 10, 2024
CVE-2024-49554	MEDIUM	5.5	Adobe Media Encoder	cpe:2.3:a:adobe:media_encoder	No	Yes	Dec 10, 2024

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2024-41872: Adobe Media Encoder vulnerability analysis and mitigation