CVE-2021-28580

Name of the Vulnerable Software and Affected Versions Medium by Adobe versions 2.4.5.331 and earlier

Description The issue is related to a buffer overflow vulnerability when parsing a crafted file, allowing an unauthenticated attacker to achieve remote code execution in the context of the current user. Exploitation requires user interaction, where a victim must open a malicious file. This vulnerability is associated with a buffer copy without checking the size of the input data, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations For Medium by Adobe versions 2.4.5.331 and earlier, consider avoiding the use of the software until a patch is available, and refrain from opening suspicious or malicious files to minimize the risk of exploitation. As a temporary workaround, restrict the ability to parse crafted files to prevent potential remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.