Lucene search

K
cve[email protected]CVE-2021-44189
HistorySep 07, 2023 - 2:15 p.m.

CVE-2021-44189

2023-09-0714:15:07
CWE-416
web.nvd.nist.gov
8
cve-2021-44189
adobe after effects
use-after-free
vulnerability
memory disclosure
aslr bypass
exploitation

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

3.5 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.1%

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected configurations

Vulners
NVD
Node
adobeafter_effectsRange18.4.2
VendorProductVersionCPE
adobeafter_effects*cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "After Effects",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "18.4.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

3.5 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.1%

Related for CVE-2021-44189