CVE-2023-22233 - Vulnerability Details - OpenCVE

After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Adobe	After Effects
Apple	Macos
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:adobe:after_effects::::::::
	cpe:2.3:a:adobe:after_effects::::::::

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

No data.

References

Link	Providers
https://helpx.adobe.com/security/products/after_effects/apsb23-02.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2023-02-17T00:00:00

Updated: 2024-08-02T13:29:46.833Z

Reserved: 2022-12-19T00:00:00

Link: CVE-2023-22233

Vulnrichment

Updated: 2024-08-02T10:07:04.869Z

NVD

Status : Modified

Published: 2023-02-17T22:15:13.617

Modified: 2024-11-21T07:44:22.307

Link: CVE-2023-22233

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-22233", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "dateUpdated": "2024-08-02T13:29:46.833Z", "dateReserved": "2022-12-19T00:00:00", "datePublished": "2023-02-17T00:00:00"}, "containers": {"cna": {"title": "Adobe After Effects Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "datePublic": "2023-02-14T00:00:00", "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2023-02-17T00:00:00"}, "descriptions": [{"lang": "en", "value": "After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "affected": [{"vendor": "Adobe", "product": "After Effects", "versions": [{"version": "unspecified", "lessThanOrEqual": "23.1", "status": "affected", "versionType": "custom"}, {"version": "unspecified", "lessThanOrEqual": "22.6.3", "status": "affected", "versionType": "custom"}, {"version": "unspecified", "lessThanOrEqual": "None", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://helpx.adobe.com/security/products/after_effects/apsb23-02.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "Out-of-bounds Read (CWE-125)", "cweId": "CWE-125"}]}], "source": {"discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:07:04.869Z"}, "title": "CVE Program Container", "references": [{"url": "https://helpx.adobe.com/security/products/after_effects/apsb23-02.html", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "adobe", "product": "after_effects", "cpes": ["cpe:2.3:a:adobe:after_effects:*:*:*:*:*:macos:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "23.1", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThanOrEqual": "22.6.3", "versionType": "custom"}]}, {"vendor": "adobe", "product": "after_effects", "cpes": ["cpe:2.3:a:adobe:after_effects:*:*:*:*:*:windows:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "23.1", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThanOrEqual": "22.6.3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-02T12:56:48.625152Z", "id": "CVE-2023-22233", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T13:29:46.833Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://helpx.adobe.com/security/products/after_effects/apsb23-02.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:07:04.869Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-22233", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-02T12:56:48.625152Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:adobe:after_effects:*:*:*:*:*:macos:*:*"], "vendor": "adobe", "product": "after_effects", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "23.1"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "22.6.3"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:adobe:after_effects:*:*:*:*:*:windows:*:*"], "vendor": "adobe", "product": "after_effects", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "23.1"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "22.6.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T13:29:12.107Z"}}], "cna": {"title": "Adobe After Effects Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "source": {"discovery": "EXTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Adobe", "product": "After Effects", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "23.1"}, {"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "22.6.3"}, {"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "None"}]}], "datePublic": "2023-02-14T00:00:00", "references": [{"url": "https://helpx.adobe.com/security/products/after_effects/apsb23-02.html"}], "descriptions": [{"lang": "en", "value": "After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2023-02-17T00:00:00"}}}, "cveMetadata": {"cveId": "CVE-2023-22233", "state": "PUBLISHED", "dateUpdated": "2024-08-02T13:29:46.833Z", "dateReserved": "2022-12-19T00:00:00", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2023-02-17T00:00:00", "assignerShortName": "adobe"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", "matchCriteriaId": "37677E66-FFC7-4A2E-ABE5-73D0F164A773", "versionEndExcluding": "22.6.4", "versionStartIncluding": "22.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DE75558-EE49-4661-A92F-97F9166AD71D", "versionEndExcluding": "23.2.0", "versionStartIncluding": "23.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "id": "CVE-2023-22233", "lastModified": "2024-11-21T07:44:22.307", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@adobe.com", "type": "Secondary"}]}, "published": "2023-02-17T22:15:13.617", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-02.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-02.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "psirt@adobe.com", "type": "Secondary"}]}