Bulletin ID
Security Updates Available for Adobe Bridge | APSB20-19
|
Date Published |
Priority |
---|---|---|
APSB20-19 |
April 28, 2020 |
3 |
Summary
Affected Versions
Product |
Version |
Platform |
---|---|---|
Adobe Bridge |
10.0.1 and earlier version |
Windows |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app's update mechanism. For more information, please reference this help page.
Product |
Version |
Platform |
Priority |
Availability |
---|---|---|---|---|
Adobe Bridge |
10.0.4 |
Windows and macOS |
3 |
Vulnerability details
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Number |
---|---|---|---|
Stack-based Buffer Overflow |
Arbitrary code execution |
Critical |
CVE-2020-9555 |
Heap Overflow |
Arbitrary code execution |
Critical |
CVE-2020-9562 CVE-2020-9563 |
Memory Corruption |
Arbitrary code execution |
Critical |
CVE-2020-9568 |
Out-of-Bounds Read |
Information Disclosure |
Important |
CVE-2020-9553 CVE-2020-9557 CVE-2020-9558 |
Out-of-Bounds Write |
Arbitrary code execution |
Critical |
CVE-2020-9554 CVE-2020-9556 CVE-2020-9559 CVE-2020-9560 CVE-2020-9561 CVE-2020-9564 CVE-2020-9565 CVE-2020-9569 |
Use After Free |
Arbitrary code execution |
Critical |
CVE-2020-9566 CVE-2020-9567 |
Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Anonymous working with Trend Micro Zero Day Initiative (CVE-2020-9553)
- Francis Provencher working with Trend Micro Zero Day Initiative (CVE-2020-9568)
- Mat Powell of Trend Micro Zero Day Initiative (CVE-2020-9554, CVE-2020-9555, CVE-2020-9556, CVE-2020-9557, CVE-2020-9558, CVE-2020-9559, CVE-2020-9560, CVE-2020-9561, CVE-2020-9562, CVE-2020-9563, CVE-2020-9564, CVE-2020-9565, CVE-2020-9566, CVE-2020-9567, CVE-2020-9569)