7.8

CVE-2021-43755

EPSS 1.57%
Veröffentlicht 15.06.2022 20:15:17
Zuletzt bearbeitet 21.11.2024 06:29:43
Quelle psirt@adobe.com
CVE-Watchlists
Login
Unerledigt
Login

Adobe After Effects Memory Corruption could lead to Arbitrary Code Execution

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an Out-of-bounds Write vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user.  User interaction is required to exploit this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ After Effects Version <= 18.4.2

Apple ≫ macOS Version-
Microsoft ≫ Windows Version-

Adobe ≫ After Effects Version >= 22.0 < 22.1.1

Apple ≫ macOS Version-
Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.57%	0.809

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
psirt@adobe.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://helpx.adobe.com/security/products/after_effects/apsb21-115.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-43755

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-43755

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-43755

EUVD