First published: Wed Sep 29 2021
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Framemaker | <=2019.0.8 | |
Adobe Framemaker | >=2020.0.1, <=2020.0.2 | |
CVE-2021-40697 is an out-of-bounds read vulnerability in Adobe Framemaker versions 2019 Update 8 and earlier, as well as 2020 Release Update 2 and earlier. It could result in the disclosure of sensitive memory.
CVE-2021-40697 can disclose sensitive memory in Adobe Framemaker, which an attacker could leverage to bypass mitigations such as ASLR.
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by CVE-2021-40697.
CVE-2021-40697 has a severity rating of medium, with a CVSS score of 3.3.
To mitigate the out-of-bounds read vulnerability CVE-2021-40697 in Adobe Framemaker, it is recommended to update to the latest available version provided by Adobe.