CVE-2021-43746

CWE-8243 documents3 sources
Severity
5.5MEDIUM
EPSS
0.8%
top 26.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Premiere Rush
Timeline
PublishedDec 20
Latest updateDec 21

Description

Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. The issue results from the lack of proper initialization of memory prior to accessing it.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/premiere_rushunspecified1.5.16+1

🔴Vulnerability Details

2
GHSA
GHSA-m8fx-qg8p-vw5p: Adobe Premiere Rush versions 12021-12-21
CVEList
Adobe Premiere Rush MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability2021-12-20
CVE-2021-43746 (MEDIUM CVSS 5.5) | Adobe Premiere Rush versions 1.5.16 | cvebase.io