CVE-2021-42723: Adobe Bridge Out-of-bounds read could lead to Arbitrary Code Execution
First published: Tue Oct 26 2021(Updated: )
Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted SGI file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Premiere Pro | <=15.4 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-42723?
CVE-2021-42723 is an out-of-bounds read vulnerability in Adobe Bridge version 11.1.1 and earlier.
What is the severity of CVE-2021-42723?
CVE-2021-42723 has a severity rating of 7.8 (critical).
How does CVE-2021-42723 affect Adobe Bridge?
CVE-2021-42723 affects Adobe Bridge version 11.1.1 and earlier by allowing an attacker to execute code in the context of the current user.
How can an attacker exploit CVE-2021-42723?
An attacker can exploit CVE-2021-42723 by leveraging the out-of-bounds read vulnerability when parsing a crafted SGI file.
Is Microsoft Windows affected by CVE-2021-42723?
No, Microsoft Windows is not affected by CVE-2021-42723.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/title
- agent/severity
- agent/weakness
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/adobe
- canonical/adobe premiere pro
- version/adobe premiere pro/15.4
- vendor/microsoft
- canonical/microsoft windows