CVE-2024-49514: 
Adobe Photoshop vulnerability analysis and mitigation

CVE-2024-49514 is a critical Integer Underflow (Wrap or Wraparound) vulnerability affecting Adobe Photoshop Desktop versions 24.7.3, 25.11 and earlier. The vulnerability was discovered and disclosed on November 12, 2024. The affected systems include both Windows and macOS versions of Adobe Photoshop (NVD, Adobe Advisory).

The vulnerability is classified as an Integer Underflow (Wrap or Wraparound) issue, identified as CWE-191. It has received a CVSS v3.1 Base Score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and user interaction, but no privileges, while potentially affecting confidentiality, integrity, and availability with high impact (NVD).

Successful exploitation of this vulnerability could result in arbitrary code execution in the context of the current user. This means an attacker could potentially install programs, view, change, or delete data, or create new accounts with full user rights, depending on the privileges of the compromised user account (Rapid7).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest versions of Adobe Photoshop. For Photoshop 2023, users should update beyond version 24.7.3, and for Photoshop 2024, users should update beyond version 25.11 (Adobe Advisory).