CVE-2021-28600: Adobe After Effects Out-of-bounds Read vulnerability could lead to sensitive information disclosure
First published: Tue Jun 08 2021(Updated: )
Adobe After Effects version 18.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe After Effects | <=18.2 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-28600?
The severity of CVE-2021-28600 is rated as important due to the potential for memory disclosure.
How do I fix CVE-2021-28600?
To fix CVE-2021-28600, update Adobe After Effects to version 18.3 or later.
Who is affected by CVE-2021-28600?
Users of Adobe After Effects version 18.2 and earlier are affected by CVE-2021-28600.
What type of vulnerability is CVE-2021-28600?
CVE-2021-28600 is classified as an Out-of-bounds Read vulnerability.
Can CVE-2021-28600 be exploited remotely?
CVE-2021-28600 requires local access, as it affects the current user's context.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/title
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/adobe
- canonical/adobe after effects
- version/adobe after effects/18.2
- vendor/microsoft
- canonical/microsoft windows