Skip to main content
V
volk7
Participant
May 16, 2025
Question

CVE-2024-12797 - Vulnerability of OpenSSL libraries

  • May 16, 2025
  • 1 reply
  • 882 views

Hello, good day. I am a vulnerability analyst and recently an alert has come out regarding CVE-2024-12797, where your application is exposed through the OpenSSL versions of your “libcrypto-3-x64.dll” and “libssl-3-x64.dll” files using OpenSSL version 3.2.1.0. I would be grateful if you could let me know an estimated date, when it will be possible to upgrade to OpenSSL version 3.2.4.0 in the mentioned libraries. These detections occur through the plugin “mochaae” that is integrated with After Effects, in a path as “adobe media encoder 2025 ”aftereffectslib", which is triggering the exposure of the Adobe Media Encoder (25.2) and Adobe Premier Pro (25.2.3) applications.

    1 reply

    Kevin J. Monahan Jr.
    Community Manager
    Kevin J. Monahan Jr.Community Manager
    Community Manager
    May 16, 2025

    HI @volk7,

    Thanks for the message. I let the developers know about this issue. I hope they will reply shortly.

     

    Thanks,
    Kevin

     

    Kevin Monahan - Sr. Community and Engagement Strategist – Adobe Pro Video and Audio
    Kovac_NZ
    Kovac_NZ
    Participating Frequently
    July 24, 2025

    Are the OpenSSL component vulnerabilities still an issue in some Adobe Products?

     

    Adobe Acrobat appears to have been updated but I'm still getting alerted for some products like After Effects, Photoshop, Premiere etc

    c:\program files\adobe\adobe photoshop 2025\libssl-3-x64.dll
    c:\program files\adobe\adobe photoshop 2025\libcrypto-3-x64.dll

     

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices