Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

Multiple security vulnerabilities affecting numerous Adobe products (After Effects, Audition, Bridge, DNG SDK, InDesign, Lightroom Classic, and Substance 3D suite) have been disclosed, including out-of-bounds read/write, use-after-free, integer overflow, type confusion, and NULL pointer dereference issues. Several of the most severe CVEs could permit arbitrary code execution in the context of the logged-on user, potentially enabling installation of programs, data access/modification, or creation of accounts depending on user privileges.