CVE-2024-45147: 
Adobe Bridge vulnerability analysis and mitigation

Adobe Bridge versions 13.0.9, 14.1.2 and earlier are affected by an out-of-bounds read vulnerability identified as CVE-2024-45147. The vulnerability was disclosed on November 12, 2024, and affects both Windows and macOS operating systems. This security issue was discovered by security researcher Francis Provencher (prl) (Adobe Advisory, NVD).

The vulnerability is classified as an out-of-bounds read (CWE-125) with a CVSS v3.1 base score of 5.5 (Medium). The vulnerability vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating local access, low attack complexity, no privileges required, and user interaction required (NVD).

The vulnerability could lead to disclosure of sensitive memory, potentially allowing attackers to bypass security mitigations such as Address Space Layout Randomization (ASLR). This could compromise the confidentiality of sensitive information stored in the application's memory (NVD).

Users should update to versions newer than Adobe Bridge 13.0.9 or 14.1.2 to address this vulnerability. The issue has been addressed in subsequent releases (Adobe Advisory).