CVE-2021-42723

Name of the Vulnerable Software and Affected Versions Adobe Bridge version 11.1.1 and earlier Adobe Premiere Pro versions 15.4 and earlier

Description The issue is related to an out-of-bounds read vulnerability when parsing a crafted SGI file, which could result in a read past the end of an allocated memory structure, and a memory corruption vulnerability. An attacker could leverage these vulnerabilities to execute code in the context of the current user. Exploitation of this issue requires user interaction, where a victim must open a malicious file, such as an M4A file.

Recommendations For Adobe Bridge version 11.1.1 and earlier, update to a version later than 11.1.1 to resolve the issue. For Adobe Premiere Pro versions 15.4 and earlier, update to a version later than 15.4 to resolve the issue. As a temporary workaround, consider avoiding the use of SGI and M4A files in Adobe Bridge and Adobe Premiere Pro until a patch is available. Restrict access to these file types to minimize the risk of exploitation.