{"cve":{"cve_id":"CVE-2020-24418","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.02971,"epss_percentile":0.85472,"epss_as_of":"2026-06-23","description":"Adobe After Effects version 17.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .aepx file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit.","published_at":"2020-10-21T20:18:26.793000Z","last_modified_at":null,"cvss_v3_score":7.8,"cvss_v3_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-125"],"nvd_references":["https://helpx.adobe.com/security/products/after_effects/apsb20-62.html"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:13:51.490687Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"L","value_label":"Local"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"adobe","vendor_name":"Adobe","product_slug":"after-effects","product_name":"After Effects","version_start":"unspecified","version_start_inclusive":true,"version_end":"17.1.1","version_end_inclusive":true,"cpe23_uri":"cve5:adobe:after-effects:unspecified:17.1.1"},{"vendor_slug":"adobe","vendor_name":"Adobe","product_slug":"after-effects","product_name":"After Effects","version_start":"unspecified","version_start_inclusive":true,"version_end":"None","version_end_inclusive":true,"cpe23_uri":"cve5:adobe:after-effects:unspecified:None"}],"exploit_refs":[],"news":[],"references":[{"url":"https://helpx.adobe.com/security/products/after_effects/apsb20-62.html","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2020-10-21T20:18:26.793000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:03:17.285518Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:03:17.285518Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:03:17.285518Z","label":"CVSS score revised","source":"cvelistv5"}]}