CVE-2021-43746

CVE Database · CVE-2021-43746

CVE-2021-43746

· MEDIUMModified

CVSS v3.1

5.5

EPSS

1.72%

Published

Dec 20, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. The issue results from the lack of proper initialization of memory prior to accessing it.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-824

Affected Products (2)

adobe · premiere_rushvulnerable

microsoft · windows

References (2)

https://helpx.adobe.com/security/products/premiere_rush/apsb21-101.html

Vendor Advisory

https://helpx.adobe.com/security/products/premiere_rush/apsb21-101.html

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs