Adobe Family October 2024 Routine Security Update Advisory
Overview
Adobe (https://adobe.com) has released security updates that address vulnerabilities in its products. Users of affected systems are advised to update to the latest version.
Affected Products
Adobe Substance 3D Painter 10.0.1 and earlier versions
Adobe Commerce 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier versions
Adobe Commerce B2B 1.4.2-p2, 1.3.5-p7, 1.3.4-p9, 1.3.3-p10 and earlier versions
Magento Open Source 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier versions
Adobe Dimension 4.0.3 and earlier versions
Adobe Animate 2023 23.0.7 and earlier versions
Adobe Animate 2024 24.0.4 and earlier versions
Lightroom 7.4.1 and earlier versions
Lightroom Classic 13.5 and earlier versions
Lightroom Classic (LTS) 12.5.1 and earlier versions
Adobe InCopy 19.4 and earlier versions
Adobe InCopy 18.5.3 and earlier versions
Adobe InDesign id19.4 and earlier versions
Adobe InDesign id18.5.3 and earlier versions
Adobe Substance 3D Stager 3.0.3 and earlier versions
Adobe FrameMaker 2020 release update 6 and earlier versions
Adobe FrameMaker 2022 release update 4 and earlier versions
Resolved Vulnerabilities
Memory leak vulnerability due to an out-of-bounds read in Adobe Substance 3D Painter (CVE-2024-20787)
Privilege escalation vulnerability due to improper authentication in Adobe Commerce (CVE-2024-45115)
Security feature bypass vulnerability due to improper authentication in Adobe Commerce (CVE-2024-45148)
Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2024-45116)
Arbitrary file read vulnerability due to lack of input validation in Adobe Commerce (CVE-2024-45117)
Security feature bypass vulnerability due to improper access control in Adobe Commerce (CVE-2024-45118)
Arbitrary file read vulnerability due to server-side request forgery (SSRF) in Adobe Commerce (CVE-2024-45119)
Security feature bypass vulnerability due to a time-of-check time-of-use (TOCTOU) race condition in Adobe Commerce (CVE-2024-4520)
Security feature bypass vulnerability due to improper access control in Adobe Commerce (CVE-2024-45121)
Security feature bypass vulnerability due to improper access control in Adobe Commerce (CVE-2024-45122)
Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2024-45123)
Security feature bypass vulnerability due to improper access control in Adobe Commerce (CVE-2024-45124)
Security feature bypass vulnerability due to incorrect authorization in Adobe Commerce (CVE-2024-45125)
Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2024-45126)
Security feature bypass vulnerability due to lack of authentication in Adobe Commerce (CVE-2024-45127)
Privilege escalation vulnerability due to improper access control in Adobe Commerce (CVE-2024-45128)
Security feature bypass vulnerability due to improper access control in Adobe Commerce (CVE-2024-45129)
Security feature bypass vulnerability due to lack of authentication in Adobe Commerce (CVE-2024-45130)
Privilege escalation vulnerability due to lack of authentication in Adobe Commerce (CVE-2024-45131)
Security feature bypass vulnerability due to improper access control in Adobe Commerce (CVE-2024-45132)
Security feature bypass vulnerability due to information leakage in Adobe Commerce (CVE-2024-45133)
Security feature bypass vulnerability due to improper access control in Adobe Commerce (CVE-2024-45134)
Security feature bypass vulnerability due to improper access control in Adobe Commerce (CVE-2024-45135)
Security feature bypass vulnerability due to improper access control in Adobe Commerce (CVE-2024-45149)
Arbitrary code execution vulnerability due to use after free (UAF) in Adobe Dimension (CVE-2024-45146)
Arbitrary code execution vulnerability due to an out-of-bounds write in Adobe Dimension (CVE-2024-45150)
Arbitrary code execution vulnerability due to a stack-based buffer overflow in Adobe Animate 2023 (CVE-2024-47410)
Arbitrary code execution vulnerability due to a NULL pointer dereference in Adobe Animate 2023 (CVE-2024-47411)
Arbitrary code execution vulnerability due to use after free (UAF) in Adobe Animate 2023 (CVE-2024-47412)
Arbitrary code execution vulnerability due to use after free (UAF) in Adobe Animate 2023 (CVE-2024-47413)
Arbitrary code execution vulnerability due to use after free (UAF) in Adobe Animate 2023 (CVE-2024-47414)
Arbitrary code execution vulnerability due to use after free (UAF) in Adobe Animate 2023 (CVE-2024-47415)
Arbitrary code execution vulnerability due to an integer overflow in Adobe Animate 2023 (CVE-2024-47416)
Arbitrary code execution vulnerability due to a heap-based buffer overflow in Adobe Animate 2023 (CVE-2024-47417)
Arbitrary code execution vulnerability due to use after free (UAF) in Adobe Animate 2023 (CVE-2024-47418)
Memory leak vulnerability due to an out-of-bounds read in Adobe Animate 2023 (CVE-2024-47419)
Memory leak vulnerability due to an out-of-bounds read in Adobe Animate 2023 (CVE-2024-47420)
Memory leak vulnerability due to an out-of-bounds read in Lightroom (CVE-2024-45145)
Arbitrary code execution vulnerability due to unrestricted upload of a file with a dangerous type in Adobe InCopy (CVE-2024-45136)
Arbitrary code execution vulnerability due to unrestricted upload of a file with a dangerous type in Adobe InDesign (CVE-2024-45137)
Arbitrary code execution vulnerability due to use after free (UAF) in Adobe Substance 3D Stager (CVE-2024-45138)
Arbitrary code execution vulnerability due to a heap-based buffer overflow in Adobe Substance 3D Stager (CVE-2024-45139)
Arbitrary code execution vulnerability due to an out-of-bounds write in Adobe Substance 3D Stager (CVE-2024-45140)
Arbitrary code execution vulnerability due to an out-of-bounds write in Adobe Substance 3D Stager (CVE-2024-45141)
Arbitrary code execution vulnerability due to an arbitrary memory write in Adobe Substance 3D Stager (CVE-2024-45142)
Arbitrary code execution vulnerability due to a heap-based buffer overflow in Adobe Substance 3D Stager (CVE-2024-45143)
Arbitrary code execution vulnerability due to an out-of-bounds write in Adobe Substance 3D Stager (CVE-2024-45144)
Arbitrary code execution vulnerability due to an out-of-bounds write in Adobe Substance 3D Stager (CVE-2024-45152)
Arbitrary code execution vulnerability due to an out-of-bounds read in Adobe FrameMaker (CVE-2024-47421)
Arbitrary code execution vulnerability due to an untrusted search path in Adobe FrameMaker (CVE-2024-47422)
Arbitrary code execution vulnerability due to unrestricted upload of a file with a dangerous type in Adobe FrameMaker (CVE-2024-47423)
Arbitrary code execution vulnerability due to an integer overflow in Adobe FrameMaker (CVE-2024-47424)
Arbitrary code execution vulnerability due to an integer underflow (wrap or wraparound) in Adobe FrameMaker (CVE-2024-47425)
Vulnerability Patches
See the Adobe security bulletins listed under Referenced Sites below.
Referenced Sites
Security Bulletins and Advisories
https://helpx.adobe.com/security.html/security/security-bulletin.ug.html
APSB24-52: Security update available for Adobe Substance 3D Painter
https://helpx.adobe.com/security/products/substance3d_painter/apsb24-52.html
APSB24-73: Security update available for Adobe Commerce
https://helpx.adobe.com/security/products/magento/apsb24-73.html
APSB24-74: Security update available for Adobe Dimension
https://helpx.adobe.com/security/products/dimension/apsb24-74.html
APSB24-76: Security update available for Adobe Animate
https://helpx.adobe.com/security/products/animate/apsb24-76.html
APSB24-78: Security update available for Adobe Lightroom
https://helpx.adobe.com/security/products/lightroom/apsb24-78.html
APSB24-79: Security update available for Adobe InCopy
https://helpx.adobe.com/security/products/incopy/apsb24-79.html
APSB24-80: Security update available for Adobe InDesign
https://helpx.adobe.com/security/products/indesign/apsb24-80.html
APSB24-81: Security update available for Adobe Substance 3D Stager
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-81.html
APSB24-82: Security update available for Adobe FrameMaker
https://helpx.adobe.com/security/products/framemaker/apsb24-82.html