CVE-2024-47446: 
Adobe After Effects vulnerability analysis and mitigation

CVE-2024-47446 is an out-of-bounds read vulnerability affecting Adobe After Effects versions 23.6.9, 24.6.2 and earlier. The vulnerability was disclosed on November 12, 2024, and could potentially lead to disclosure of sensitive memory (NVD, Adobe Advisory).

The vulnerability is classified as CWE-125 (Out-of-bounds Read) with a CVSS v3.1 Base Score of 5.5 (Medium). The attack vector is Local (AV:L), with Low attack complexity (AC:L), requiring No privileges (PR:N) and User interaction (UI:R). The scope is Unchanged (S:U) with High confidentiality impact (C:H), but No impact on integrity (I:N) or availability (A:N) (NVD).

If exploited, this vulnerability could lead to the disclosure of sensitive memory and potentially allow an attacker to bypass security mitigations such as ASLR (Address Space Layout Randomization). The exploitation requires user interaction, specifically opening a malicious file (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of After Effects. The vulnerability affects versions 23.6.9, 24.6.2 and earlier, and users should upgrade to versions after these releases (Adobe Advisory).