Adobe Family August 2024 Routine Security Update Advisory
Overview
Adobe (https://adobe.com) has released security updates that address vulnerabilities in its products. Users of affected systems are advised to update to the latest version.
Affected Products
Illustrator 2024 28.5 and previous versions
Illustrator 2023 27.9.4 and previous versions
Adobe Dimension 3.4.11 and previous versions
Photoshop 2023 24.7.3 and previous versions
Photoshop 2024 25.9.1 and previous versions
Adobe InDesign ID19.4 and previous versions
Adobe InDesign ID18.5.2 and previous versions
Acrobat DC continuous
Acrobat Reader DC continuous
Acrobat 2024 classic 2024
Acrobat 2020 classic 2020
Acrobat Reader 2020 classic 2020
Adobe Bridge 13.0.8 and previous versions
Adobe Bridge 14.1.1 and previous versions
Adobe Substance 3D Stager 3.0.2 and previous versions
Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and previous versions
Magento Open Source 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and previous versions
Adobe InCopy 19.4 and previous versions
Adobe InCopy 18.5.2 and previous versions
Adobe Substance 3D Sampler 4.5 and previous versions
Adobe Substance 3D Designer 13.1.2 and previous versions
Resolved Vulnerabilities
Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Illustrator 2024 (CVE-2024-34133)
Use-after-free (UAF) vulnerability in Photoshop Desktop resulting in arbitrary code execution in the context of the current user (CVE-2024-34117)
Application denial of service vulnerability due to divide by zero in Illustrator 2024 (CVE-2024-34118)
Memory leak vulnerability due to an out-of-bounds read of memory in Illustrator 2024 (CVE-2024-34134)
Memory leak vulnerability due to out-of-bounds reads in memory in Illustrator 2024 (CVE-2024-34135)
Application denial of service vulnerability due to a NULL pointer dereference in Illustrator 2024 (CVE-2024-34136)
Application denial of service vulnerability due to a NULL pointer dereference in Illustrator 2024 (CVE-2024-34137)
Application denial of service vulnerability due to a NULL pointer dereference in Illustrator 2024 (CVE-2024-34138)
Arbitrary code execution vulnerability due to out-of-bounds writes in memory in Adobe Dimension (CVE-2024-34124)
Arbitrary code execution vulnerability due to an untrusted search path in Adobe Dimension (CVE-2024-41865)
Arbitrary code execution vulnerability due to a use-after-free (UAF) in Adobe Dimension (CVE-2024-20789)
Memory leak vulnerability due to an out-of-bounds read of memory in Adobe Dimension (CVE-2024-34125)
Memory leak vulnerability due to an out-of-bounds read in memory in Adobe Dimension (CVE-2024-34126)
Memory leak vulnerability due to an out-of-bounds read in memory in Adobe Dimension (CVE-2024-20790)
Arbitrary code execution vulnerability due to a use-after-free (UAF) in Photoshop 2023 (CVE-2024-20753)
Arbitrary code execution vulnerability due to a stack-based buffer overflow in Adobe InDesign (CVE-2024-39389)
Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe InDesign (CVE-2024-39390)
Arbitrary code execution vulnerability due to out-of-bounds writes in memory in Adobe InDesign (CVE-2024-39391)
Arbitrary code execution vulnerability due to a stack-based buffer overflow in Adobe InDesign (CVE-2024-41852)
Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe InDesign (CVE-2024-41853)
Arbitrary code execution vulnerability due to an out-of-bounds read in memory in Adobe InDesign (CVE-2024-39393)
Arbitrary code execution vulnerability due to out-of-bounds writes to memory in Adobe InDesign (CVE-2024-39394)
Arbitrary code execution vulnerability due to a heap memory-based buffer overflow in Adobe InDesign (CVE-2024-41850)
Arbitrary code execution vulnerability due to an integer overflow in Adobe InDesign (CVE-2024-41851)
Application denial of service vulnerability due to a NULL pointer dereference in Adobe InDesign (CVE-2024-39395)
Memory leak vulnerability due to an out-of-bounds read of memory in Adobe InDesign (CVE-2024-34127)
Memory leak vulnerability due to an out-of-bounds read in memory in Adobe InDesign (CVE-2024-41854)
Application denial of service vulnerability due to a NULL pointer dereference in Adobe InDesign (CVE-2024-41866)
Arbitrary code execution vulnerability due to a use-after-free (UAF) in Acrobat DC (CVE-2024-39383)
Arbitrary code execution vulnerability due to a use-after-free (UAF) in Acrobat DC (CVE-2024-39422)
Arbitrary code execution vulnerability due to out-of-bounds writes to memory in Acrobat DC (CVE-2024-39423)
Arbitrary code execution vulnerability due to a use-after-free (UAF) in Acrobat DC (CVE-2024-39424)
Privilege escalation vulnerability due to improper verification of cryptographic signature in Acrobat DC (CVE-2024-39425)
Arbitrary code execution vulnerability due to memory access outside the allowed buffer area in Acrobat DC (CVE-2024-39426)
Arbitrary code execution vulnerability due to a use-after-free (UAF) in Acrobat DC (CVE-2024-41830)
Arbitrary code execution vulnerability due to a use-after-free (UAF) in Acrobat DC (CVE-2024-41831)
Memory leak vulnerability due to an out-of-bounds read of memory in Acrobat DC (CVE-2024-41832)
Memory leak vulnerability due to an out-of-bounds read in memory in Acrobat DC (CVE-2024-41833)
Memory leak vulnerability due to an out-of-bounds read in memory in Acrobat DC (CVE-2024-41834)
Memory leak vulnerability due to out-of-bounds reads in memory in Acrobat DC (CVE-2024-41835)
Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Bridge (CVE-2024-39386)
Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Bridge (CVE-2024-41840)
Memory leak vulnerability due to an out-of-bounds read in memory in Adobe Bridge (CVE-2024-39387)
Arbitrary code execution vulnerability due to a use-after-free (UAF) in Adobe Substance 3D Stager (CVE-2024-39388)
Arbitrary code execution vulnerability due to unrestricted upload of file with dangerous type in Adobe Commerce (CVE-2024-39397)
Security feature bypass vulnerability due to improper restriction of excessive authentication attempts in Adobe Commerce (CVE-2024-39398)
Arbitrary file read vulnerability due to improper pathname restriction in Adobe Commerce (CVE-2024-39399)
Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2024-39400)
Arbitrary code execution vulnerability due to improper neutralization of special elements used in an OS command ('OS command injection') in Adobe Commerce (CVE-2024-39401)
Arbitrary code execution vulnerability due to improper neutralization of special elements used in an OS command ('OS command injection') in Adobe Commerce (CVE-2024-39402)
Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2024-39403)
Security feature bypass vulnerability due to information disclosure in Adobe Commerce (CVE-2024-39406)
Privilege escalation vulnerability due to improper access control in Adobe Commerce (CVE-2024-39404)
Security feature bypass vulnerability due to improper access controls in Adobe Commerce (CVE-2024-39405)
Security feature bypass vulnerability due to malformed authorization in Adobe Commerce (CVE-2024-39407)
Security feature bypass vulnerability due to cross-site request forgery (CSRF) in Adobe Commerce (CVE-2024-39408)
Security feature bypass vulnerability due to cross-site request forgery (CSRF) in Adobe Commerce (CVE-2024-39409)
Security feature bypass vulnerability due to cross-site request forgery (CSRF) in Adobe Commerce (CVE-2024-39410)
Privilege escalation vulnerability due to improper access control in Adobe Commerce (CVE-2024-39411)
Security feature bypass vulnerability due to lack of authentication in Adobe Commerce (CVE-2024-39412)
Security feature bypass vulnerability due to lack of authentication in Adobe Commerce (CVE-2024-39413)
Privilege escalation vulnerability due to improper access control in Adobe Commerce (CVE-2024-39414)
Security feature bypass vulnerability due to lack of authentication in Adobe Commerce (CVE-2024-39415)
Security feature bypass vulnerability due to lack of authentication in Adobe Commerce (CVE-2024-39416)
Security feature bypass vulnerability due to lack of authentication in Adobe Commerce (CVE-2024-39417)
Security feature bypass vulnerability due to lack of authentication in Adobe Commerce (CVE-2024-39418)
Privilege escalation vulnerability due to improper access control in Adobe Commerce (CVE-2024-39419)
Arbitrary code execution vulnerability due to an integer overflow in Adobe InCopy (CVE-2024-41858)
Arbitrary code execution vulnerability due to an out-of-bounds read in memory in Adobe Substance 3D Sampler (CVE-2024-41860)
Memory leak vulnerability due to an out-of-bounds read of memory in Adobe Substance 3D Sampler (CVE-2024-41861)
Memory leak vulnerability due to an out-of-bounds read in memory in Adobe Substance 3D Sampler (CVE-2024-41862)
Memory leak vulnerability due to an out-of-bounds read in memory in Adobe Substance 3D Sampler (CVE-2024-41863)
Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Substance 3D Designer (CVE-2024-41864)
Vulnerability Patches
The following product-specific vulnerability patches were made available in the August 13, 2024 update:
Illustrator 2023 27.9.5
Photoshop 2023 24.7.4
Photoshop 2024 25.11
Adobe InDesign ID19.5
Adobe InDesign ID18.5.3
Acrobat DC Continuous 24.002.21005
Acrobat Reader DC Continuous 24.002.21005
Acrobat 2024 Classic 2024 24.001.30159
Acrobat 2020 Classic 2020 20.005.30655
Acrobat Reader 2020 Classic 2020 20.005.30655
Adobe Bridge 14.1.2
Magento Open Source 2.4.7-p2 for 2.4.7-p1 and earlier
Magento Open Source 2.4.6-p7 for 2.4.6-p6 and earlier
Magento Open Source 2.4.5-p9 for 2.4.5-p8 and earlier
Magento Open Source 2.4.4-p10 for 2.4.4-p9 and earlier
Adobe Commerce and Magento Open Source: isolated patch for CVE-2024-39397, compatible with all Adobe Commerce and Magento Open Source versions between 2.4.4 – 2.4.7
Adobe InCopy 19.5
Adobe InCopy 18.5.3
Referenced Sites
Security Bulletins and Advisories
https://helpx.adobe.com/security.html/security/security-bulletin.ug.html
APSB24-45 : Security update available for Adobe Illustrator
https://helpx.adobe.com/security/products/illustrator/apsb24-45.html
APSB24-47 : Security update available for Adobe Dimension
https://helpx.adobe.com/security/products/dimension/apsb24-47.html
APSB24-49 : Security update available for Adobe Photoshop
https://helpx.adobe.com/security/products/photoshop/apsb24-49.html
APSB24-56 : Security update available for Adobe InDesign
https://helpx.adobe.com/security/products/indesign/apsb24-56.html
APSB24-57 : Security update available for Adobe Acrobat Reader
https://helpx.adobe.com/security/products/acrobat/apsb24-57.html
APSB24-59 : Security update available for Adobe Bridge
https://helpx.adobe.com/security/products/bridge/apsb24-59.html
APSB24-60 : Security update available for Adobe Substance 3D Stager
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-60.html
APSB24-61 : Security update available for Adobe Commerce
https://helpx.adobe.com/security/products/magento/apsb24-61.html
APSB24-64 : Security update available for Adobe InCopy
https://helpx.adobe.com/security/products/incopy/apsb24-64.html
APSB24-65 : Security update available for Adobe Substance 3D Sampler
https://helpx.adobe.com/security/products/substance3d-sampler/apsb24-65.html
APSB24-67 : Security update available for Adobe Substance 3D Designer
https://helpx.adobe.com/security/products/substance3d_designer/apsb24-67.html