CVE-2021-43025: Adobe Premiere Rush SVG File Memory Corruption Remote Code Execution
First published: Tue Dec 14 2021(Updated: )
Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
Credit: psirt@adobe.com psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Premiere Rush | <=1.5.16 | |
| Microsoft Windows | ||
| All of | ||
| Adobe Premiere Rush | <=1.5.16 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Adobe Premiere Rush vulnerability?
The vulnerability ID for this Adobe Premiere Rush vulnerability is CVE-2021-43025.
What is the severity rating for CVE-2021-43025?
CVE-2021-43025 has a severity rating of 7.8 (critical).
What is the affected software version of Adobe Premiere Rush?
Adobe Premiere Rush version 1.5.16 and earlier are affected by this vulnerability.
How is this vulnerability exploited?
This vulnerability is exploited through insecure handling of a malicious SVG file, requiring user interaction.
Is Microsoft Windows affected by this vulnerability?
No, Microsoft Windows is not affected by this vulnerability.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/author
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/adobe
- canonical/adobe premiere rush
- version/adobe premiere rush/1.5.16
- vendor/microsoft
- canonical/microsoft windows