CVE-2021-42719: Adobe Bridge Out-of-bounds read could lead to Arbitrary Code Execution
First published: Wed Mar 16 2022(Updated: )
Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .jpe file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Bridge | <=11.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-42719.
What is the severity of CVE-2021-42719?
The severity of CVE-2021-42719 is high with a CVSS score of 7.8.
Which software version is affected by CVE-2021-42719?
Adobe Bridge version 11.1.1 (and earlier) is affected by CVE-2021-42719.
How does CVE-2021-42719 work?
CVE-2021-42719 is an out-of-bounds read vulnerability in Adobe Bridge when parsing a crafted .jpe file, allowing an attacker to execute code in the context of the current user.
Is there a fix for CVE-2021-42719?
Yes, Adobe has released a security update to fix CVE-2021-42719. It is recommended to update to the latest version of Adobe Bridge.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/author
- agent/title
- agent/severity
- agent/weakness
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/adobe
- canonical/adobe bridge
- version/adobe bridge/11.1.1