CVE-2021-42533: Double Free in Adobe Bridge

CWE-415: Double Free | 4 documents | 4 sources
Severity: 7.8 HIGH (NVD)
EPSS: 4.7% (top 10.60%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Mar 16
Latest update: Mar 17

Description

Adobe Bridge version 11.1.1 (and earlier) is affected by a double free vulnerability when parsing a crafted DCM file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

Alpine | adobe/bridge | < 0 | +7
CVEListV5 | adobe/bridge | unspecified 11.1.1 | +1
NVD | adobe/bridge | 11.1.1

Patches

🔴 Vulnerability Details (3)

GHSA | GHSA-r2vp-qcg8-m2f6: Adobe Bridge version 11 | 2022-03-17
CVEList | Adobe Bridge DCM File Parsing Double Free Remote Code Execution Vulnerability | 2022-03-16
OSV | CVE-2021-42533: Adobe Bridge version 11 | 2022-03-16
CVE-2021-42533 — Double Free in Adobe Bridge | cvebase