CVE-2021-28587: Adobe After Effects TIF file parsing out-of-bounds read information disclosure vulnerability
First published: Mon Jun 28 2021(Updated: )
After Effects versions 18.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe After Effects 2025 | <18.2 | |
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-28587?
CVE-2021-28587 is rated as a critical vulnerability due to its potential for memory disclosure.
How do I fix CVE-2021-28587?
To fix CVE-2021-28587, update Adobe After Effects to version 18.2 or later.
What could an attacker achieve by exploiting CVE-2021-28587?
An attacker could exploit CVE-2021-28587 to disclose sensitive memory and potentially bypass security mitigations like ASLR.
Which versions of Adobe After Effects are affected by CVE-2021-28587?
CVE-2021-28587 affects Adobe After Effects versions 18.0 and earlier.
Does CVE-2021-28587 require user interaction for exploitation?
Yes, exploitation of CVE-2021-28587 requires user interaction.
- agent/type
- agent/severity
- agent/author
- agent/weakness
- agent/title
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe after effects 2025
- vendor/microsoft
- canonical/microsoft windows operating system