First published: Thu Sep 07 2023(Updated: )
Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Credit: psirt@adobe.com psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe After Effects | <=18.4.2 | |
Adobe After Effects | >=22.0<22.1.1 | |
Apple macOS | ||
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-44191 is an out-of-bounds read vulnerability in Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) that could lead to disclosure of sensitive memory.
CVE-2021-44191 affects Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) by allowing an attacker to bypass mitigations such as ASLR and potentially disclose sensitive memory.
An attacker can exploit CVE-2021-44191 by leveraging the out-of-bounds read vulnerability in Adobe After Effects, requiring user interaction to exploit.
CVE-2021-44191 has a severity rating of low with a CVSS score of 3.3.
To fix CVE-2021-44191, update Adobe After Effects to version 22.1.1 or later.