CVE-2021-40751

Name of the Vulnerable Software and Affected Versions Adobe After Effects versions 18.4 and earlier

Description The issue is related to a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required, as the victim must open a specially crafted file to exploit this vulnerability. The vulnerability is also described as a buffer overflow in memory, which can allow an attacker to execute arbitrary code on the target system.

Recommendations For Adobe After Effects versions 18.4 and earlier, consider avoiding the use of .m4a files from untrusted sources until a patch is available. As a temporary workaround, restrict the ability to open specially crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.