CVE-2021-40759: Adobe After Effects M4A File Parsing Memory Corruption Arbitrary Code Execution
First published: Thu Nov 18 2021(Updated: )
Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe After Effects | <=18.4.1 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-40759.
Which software is affected by this vulnerability?
Adobe After Effects version 18.4.1 (and earlier) is affected.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is 7.8 (Critical).
How can this vulnerability be exploited?
This vulnerability can be exploited by opening a malicious .m4a file, which can result in arbitrary code execution.
Is user interaction required to exploit this vulnerability?
Yes, user interaction is required. The victim must open a specific file for the vulnerability to be exploited.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/author
- agent/severity
- agent/references
- agent/first-publish-date
- agent/tags
- agent/event
- agent/description
- vendor/adobe
- canonical/adobe after effects
- version/adobe after effects/18.4.1
- vendor/microsoft
- canonical/microsoft windows