Bulletin ID
Last updated on
23 Dec 2024
Security update available for Adobe PDFL Software Development Kit (SDK) | APSB24-98
|
|
Date Published |
Priority |
|
APSB24-98 |
December 10, 2024 |
3 |
Summary
Adobe has released an update for the Adobe PDF Library Software Development Kit (SDK) for Windows, Linux and macOS. Adobe PDFL SDK contains a set of functions for developing third-party solutions and workflows built upon the Adobe PDF standard. This update resolves a critical vulnerability that could lead to arbitrary code execution.
Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.
Affected Versions
|
Product |
Affected version |
Platform |
|
Adobe PDFL Software Development Kit (SDK) |
PDFL SDK 21.0.0.5 and earlier versions
|
Windows, Linux and macOS |
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
|
Product |
Updated version |
Platform |
Priority rating |
Availability |
|
Adobe PDFL Software Development Kit (SDK) |
PDFL SDK 21.0.0.7 |
Windows, Linux and macOS |
3 |
Windows, Linux and macOS |
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Number |
|
|
Out-of-bounds Write (CWE-787) |
Arbitrary Code Execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2024-49513 |
Acknowledgments
Adobe would like to thank the following researchers for reporting these issue and for working with Adobe to help protect our customers:
- Anonymous - CVE-2024-49513
NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.
