CVE-2024-47419: 
NixOS vulnerability analysis and mitigation

Adobe Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability (CVE-2024-47419) that could lead to disclosure of sensitive memory. The vulnerability was discovered and reported by security researcher Francis Provencher (prl). The issue was publicly disclosed in October 2024 and affects both Adobe Animate 2023 and 2024 versions running on Windows and macOS operating systems (NVD, Adobe Advisory).

The vulnerability is classified as an out-of-bounds read issue (CWE-125) with a CVSS v3.1 base score of 5.5 (Medium). The attack vector is local (AV:L) with low attack complexity (AC:L), requires no privileges (PR:N), and needs user interaction (UI:R). The scope is unchanged (S:U) with high confidentiality impact (C:H) but no impact on integrity (I:N) or availability (A:N) (NVD).

If exploited, this vulnerability could allow an attacker to bypass security mitigations such as Address Space Layout Randomization (ASLR) through the disclosure of sensitive memory information. However, successful exploitation requires user interaction, specifically opening a malicious file (NVD).

Adobe has released security updates to address this vulnerability. Users should update to Adobe Animate 2023 version 23.0.8 or Adobe Animate 2024 version 24.0.5 or later. The fix is available through the regular Adobe update channels (Adobe Advisory).