Description
Adobe Media Encoder version 15.2 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Affected Software
Related
{"id": "CVE-2021-36060", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-36060", "description": "Adobe Media Encoder version 15.2 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "published": "2023-09-06T14:15:00", "modified": "2023-09-11T19:04:00", "epss": [{"cve": "CVE-2021-36060", "epss": 0.00228, "percentile": 0.60534, "modified": "2023-09-19"}], "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "accessVector": "LOCAL", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9}, "severity": "LOW", "exploitabilityScore": 3.4, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36060", "reporter": "psirt@adobe.com", "references": ["https://helpx.adobe.com/security/products/media-encoder/apsb21-43.html"], "cvelist": ["CVE-2021-36060"], "immutableFields": [], "lastseen": "2023-09-19T23:10:57", "viewCount": 14, "enchantments": {"backreferences": {"references": [{"type": "adobe", "idList": ["APSB21-43"]}]}, "score": {"value": 6.4, "vector": "NONE"}, "dependencies": {"references": [{"type": "adobe", "idList": ["APSB21-43"]}], "rev": 4}, "vulnersScore": 6.4}, "_state": {"dependencies": 1695165317, "score": 1695165597, "epss": 0}, "_internal": {"score_hash": "8b6e262ef679d08bb805a64915718d48"}, "cna_cvss": {"cna": "adobe", "cvss": {"3": {"vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "score": 5.5}}}, "cpe": [], "cpe23": [], "cwe": ["CWE-125"], "affectedSoftware": [{"cpeName": "adobe:media_encoder", "version": "15.4", "operator": "lt", "name": "adobe media encoder"}], "affectedConfiguration": [{"name": "microsoft windows", "cpeName": "microsoft:windows", "version": "-", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:adobe:media_encoder:15.4:*:*:*:*:*:*:*", "versionEndExcluding": "15.4", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}]}, "extraReferences": [{"url": "https://helpx.adobe.com/security/products/media-encoder/apsb21-43.html", "name": "https://helpx.adobe.com/security/products/media-encoder/apsb21-43.html", "refsource": "MISC", "tags": ["Vendor Advisory"]}], "product_info": [{"vendor": "Adobe", "product": "Media Encoder"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE"}]}], "exploits": [], "assigned": "2021-06-30T00:00:00"}
{"adobe": [{"lastseen": "2023-09-19T23:33:11", "description": "Adobe has released an update for Adobe Media Encoder. This update resolves multiple [critical]() and [moderate]() vulnerabilities that could lead to arbitrary code execution in the context of the current user. \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-20T00:00:00", "type": "adobe", "title": "APSB21-43 Security update available for Adobe Media Encoder", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28589", "CVE-2021-28590", "CVE-2021-36013", "CVE-2021-36014", "CVE-2021-36015", "CVE-2021-36016", "CVE-2021-36060"], "modified": "2021-07-20T00:00:00", "id": "APSB21-43", "href": "https://helpx.adobe.com/security/products/media-encoder/apsb21-43.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
CVE-2021-36060
