CVE-2024-20752

Name
CVE-2024-20752
Description
Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
vendor-advisory https://helpx.adobe.com/security/products/bridge/apsb24-15.html

Match rules

CPE URI Source package Min version Max version
bridge >= 0 <= 14.0.1
cpe:2.3:a:adobe:bridge:-:*:*:*:*:*:*:* bridge >= 0 <= 13.0.5
cpe:2.3:a:adobe:bridge:-:*:*:*:*:*:*:* bridge >= 0 <= 14.0.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
bridge edge-main 1.5-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
bridge 3.20-main 1.5-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
bridge 3.19-main 1.5-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
bridge 3.18-main 1.5-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
bridge 3.17-main 1.5-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
bridge 3.16-main 1.5-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable