CVE-2024-39386

Name
CVE-2024-39386
Description
Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
vendor-advisory https://helpx.adobe.com/security/products/bridge/apsb24-59.html

Match rules

CPE URI Source package Min version Max version
bridge >= 0 <= 14.1.1
cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:* bridge >= 0 <= 13.0.8
cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:* bridge >= 0 <= 14.1.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
bridge edge-main 1.5-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
bridge 3.20-main 1.5-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
bridge 3.19-main 1.5-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
bridge 3.18-main 1.5-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
bridge 3.17-main 1.5-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable