CVE-2021-42268: Adobe Animate FLA File Parsing Null Pointer Dereference Application Denial of Service
First published: Thu Nov 18 2021(Updated: )
Adobe Animate version 21.0.9 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted FLA file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Animate | <=21.0.9 | |
| <=21.0.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Adobe Animate vulnerability?
The vulnerability ID for this Adobe Animate vulnerability is CVE-2021-42268.
What is the severity rating of CVE-2021-42268?
CVE-2021-42268 has a severity rating of 5.5 (medium).
What is the affected software version of CVE-2021-42268?
Adobe Animate version 21.0.9 (and earlier) is affected by CVE-2021-42268.
What is the impact of CVE-2021-42268?
CVE-2021-42268 allows an unauthenticated attacker to achieve an application denial-of-service in the context of the current user.
Is there a fix available for CVE-2021-42268?
Yes, Adobe has released a security update to address CVE-2021-42268. It is recommended to update to the latest version of Adobe Animate.
- collector/nvd-index
- agent/type
- agent/severity
- agent/weakness
- agent/title
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/adobe
- canonical/adobe animate
- version/adobe animate/21.0.9