CVE-2024-47413: 
NixOS vulnerability analysis and mitigation

Adobe Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability (CVE-2024-47413) that could result in arbitrary code execution in the context of the current user. The vulnerability was discovered and reported to Adobe Systems Incorporated, with the CVE being assigned on September 24, 2024. This vulnerability requires user interaction, specifically opening a malicious file, to be exploited (NVD, Adobe Advisory).

The vulnerability is classified as a Use After Free (CWE-416) issue with a CVSS v3.1 Base Score of 7.8 (HIGH). The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that the vulnerability requires local access and user interaction, but no privileges, while potentially impacting confidentiality, integrity, and availability at a high level (Adobe Advisory).

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. Depending on the user's privileges, an attacker could potentially install programs, view or modify data, or create new accounts with full user rights. Users with fewer system privileges may be less impacted than those with administrative rights (CIS Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to Adobe Animate versions 23.0.8 or 24.0.5 or later. Organizations should apply the stable channel update provided by Adobe to vulnerable systems immediately after appropriate testing (NVD).