Security Advisory

Adobe Product Suite May 2024 Routine Security Update Advisory

  • May 28 2024

Overview

 

An update has been released to address vulnerabilities in the Adobe suite of products. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-30295, CVE-2024-30296, CVE-2024-30293, CVE-2024-30282, CVE-2024-30294, CVE-2024-30297

  • Adobe Animate 2023 23.0.5 or below (Windows, MacOS)
  • Adobe Animate 2024 24.0.2 or below (Windows, MacOS)

 

Cve-2024-30307, cve-2024-30274

  • Adobe Substance 3D Painter 9.1.2 or below (all platforms)

 

CVE-2024-30288, CVE-2024-30291, CVE-2024-30289, CVE-2024-30292, CVE-2024-30290

  • Adobe FrameMaker 2020 Release Update 5 or below (Windows)
  • Adobe FrameMaker 2022 Release Update 3 or below (Windows)

 

CVE-2024-34100, CVE-2024-34096, CVE-2024-34095, CVE-2024-34094, CVE-2024-30280, CVE-2024-34098, CVE-2024-34097, CVE-2024-30310, CVE-2024-34099, CVE-2024-30284, CVE-2024-30279

  • Acrobat DC 24.002.20736 or below (Windows, MacOS)
  • Acrobat Reader DC 24.002.20736 or below (Windows, MacOS)
  • Acrobat 2020 20.005.30574 or below (Windows, MacOS)
  • Acrobat Reader 2020 20.005.30574 or below (Windows, MacOS)

 

CVE-2024-20791, CVE-2024-20792

  • Illustrator 2024 28.4 or below (Windows, MacOS)
  • Illustrator 2023 27.9.3 or below (Windows, MacOS)

 

CVE-2024-30275

  • Adobe Aero 0.23.4 or below (Windows, MacOS)

 

CVE-2024-30314

  • Adobe Dreamweaver 21.3 or below (Windows, MacOS)

 

Resolved Vulnerabilities

 

NULL pointer dereference vulnerability in Adobe Animate that could allow arbitrary code execution in the context of the current user (CVE-2024-30295)

Out-of-bounds write vulnerability in Adobe Substance 3D Painter (CVE-2024-30307, CVE-2024-30274)

Heap Buffer Overflow Vulnerability in Adobe FrameMaker (CVE-2024-30288)

Use After Free vulnerabilities in Adobe Acrobat and Reader (CVE-2024-34100, CVE-2024-34096, CVE-2024-34095, CVE-2024-34094, CVE-2024-34097, CVE-2024-30284)

Out-of-bounds write vulnerability in Adobe Illustrator (CVE-2024-20791)

Out-of-Bounds Write Vulnerability in Adobe Animate (CVE-2024-30296, CVE-2024-30282, CVE-2024-30297)

Use After Free vulnerability in Adobe Aero (CVE-2024-30275)

Stack-based buffer overflow vulnerability in Adobe Animate (CVE-2024-30293)

Out-of-bounds write vulnerabilities in Adobe FrameMaker (CVE-2024-30291, CVE-2024-30292, CVE-2024-30290)

Out-of-bounds read vulnerabilities in Adobe Acrobat and Reader (CVE-2024-30280, CVE-2024-30279)

Improper Input Validation Vulnerability in Adobe Acrobat and Reader (CVE-2024-34098)

OS Command Injection Vulnerability in Adobe Dreamweaver (CVE-2024-30314)

Buffer overflow vulnerability in Adobe Framemaker (CVE-2024-30289)

Heap-based Buffer Overflow Vulnerability in Adobe Animate (CVE-2024-30294)

Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader (CVE-2024-30310)

Use After Free vulnerability in Adobe Illustrator (CVE-2024-20792)

Improper Access Control Vulnerability in Adobe Acrobat and Reader (CVE-2024-34099)

 

Vulnerability Patches

 

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability patches version.

 

CVE-2024-30295, CVE-2024-30296, CVE-2024-30293, CVE-2024-30282, CVE-2024-30294, CVE-2024-30297

  • Adobe Animate 2023 version 23.0.6 (Windows, MacOS)
  • Adobe Animate 2024 version 24.0.3 (Windows, MacOS)

 

CVE-2024-30307, CVE-2024-30274

  • Adobe Substance 3D Painter 10.0.0 version (all platforms)

 

CVE-2024-30288, CVE-2024-30291, CVE-2024-30289, CVE-2024-30292, CVE-2024-30290

  • Adobe FrameMaker 2020 Update 6 version (Windows)
  • Adobe FrameMaker 2022 Update 4 version (Windows)

 

CVE-2024-34100, CVE-2024-34096, CVE-2024-34095, CVE-2024-34094, CVE-2024-30280, CVE-2024-34098, CVE-2024-34097, CVE-2024-30310, CVE-2024-34099, CVE2024-30284, CVE-2024-30279

  • Acrobat DC version 24.002.20759 (Windows, macOS)
  • Acrobat Reader DC 24.002.20759 or below (Windows, MacOS)
  • Acrobat 2020 20.005.30636 version (Windows)
  • Acrobat 2020 20.005.30635 (Mac)
  • Acrobat Reader 2020 20.005.30636 version (Windows)
  • Acrobat Reader 2020 20.005.30635 version (macOS)

 

CVE-2024-20791, CVE-2024-20792

  • Illustrator 2024 version 28.5 (Windows, MacOS)
  • Illustrator 2023 version 27.9.4 (Windows, MacOS)

 

CVE-2024-30275

  • Adobe Aero version 0.24.4 (Windows, MacOS)

 

CVE-2024-30314

  • Adobe Dreamweaver version 21.4 (Windows, MacOS)

 

Referenced Sites

 

[1] Security update available for Adobe Acrobat and Reader | APSB24-29

https://helpx.adobe.com/security/products/acrobat/apsb24-29.html

[2] Security Updates Available for Adobe Illustrator | APSB24-30

https://helpx.adobe.com/security/products/illustrator/apsb24-30.html

[3] Security updates available for Substance 3D Painter | APSB24-31

https://helpx.adobe.com/security/products/substance3d_painter/apsb24-31.html

[4] Security update available for Adobe Aero | APSB24-33

https://helpx.adobe.com/security/products/aero/apsb24-33.html

[5] Security updates available for Substance 3D Designer | APSB24-35

https://helpx.adobe.com/security/products/substance3d_designer/apsb24-35.html

[6] Security updates available for Adobe Animate | APSB24-36

https://helpx.adobe.com/security/products/animate/apsb24-36.html

[7] Security Updates Available for Adobe FrameMaker | APSB24-37

https://helpx.adobe.com/security/products/framemaker/apsb24-37.html

[8] Security update available for Adobe Dreamweaver | APSB24-39

https://helpx.adobe.com/security/products/dreamweaver/apsb24-39.html

Tags:

Previous Post

Next Post