CVE-2024-52986: 
NixOS vulnerability analysis and mitigation

Adobe Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow vulnerability (CVE-2024-52986) that was disclosed on December 10, 2024. The vulnerability affects both Windows and macOS operating systems. This security issue requires user interaction, specifically opening a malicious file, to be exploited (NVD, Adobe Advisory).

The vulnerability is classified as an Integer Underflow (Wrap or Wraparound) vulnerability, identified as CWE-191. It has received a CVSS v3.1 base score of 7.8 (High), with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and user interaction, but no privileges, and can potentially impact confidentiality, integrity, and availability at a high level (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code with the same privileges as the user running the Adobe Animate application (NVD).

Adobe has addressed this vulnerability by releasing updated versions of the software. Users should update to Adobe Animate versions 23.0.9 or 24.0.6 or later, depending on their current version (NVD).