CVE-2021-36070
01.09.2021, 15:15
Adobe Media Encoder version 15.1 (and earlier) is affected by an improper memory access vulnerability when parsing a crafted .SVG file. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Enginsight
| Vendor | Product | Version |
|---|---|---|
| adobe | media_encoder | 𝑥 ≤ 15.4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-788 - Access of Memory Location After End of BufferThe software reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.