CVE-2021-43030

CWE-8243 documents3 sources

Severity

3.3LOW

EPSS

0.4%

top 36.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Premiere Rush

Timeline

PublishedDec 20

Latest updateDec 21

Description

Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose arbitrary data on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. The issue results from the lack of proper initialization of memory prior to accessing it.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5adobe/premiere_rushunspecified — 1.5.16+1

▶NVDadobe/premiere_rush1.5.16

🔴Vulnerability Details

GHSA

GHSA-h2x9-6rh9-j45r: Adobe Premiere Rush versions 1↗2021-12-21

▶

CVEList

Adobe Premiere Rush MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability↗2021-12-20

▶