PT-2021-7648 · Adobe · After Effects

Published

2021-12-14

Updated

2023-02-24

CVE-2023-22239

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions After Effects versions 23.1 and earlier After Effects versions 22.6.3 and earlier

Description The issue is related to improper input validation, which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, where a victim must open a malicious file. The vulnerability is also described as a font parsing memory corruption remote code execution issue.

Recommendations For versions 23.1 and earlier, update to a version that fixes the improper input validation vulnerability. For versions 22.6.3 and earlier, update to a version that fixes the improper input validation vulnerability. As a temporary workaround, consider avoiding the use of potentially malicious files until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2023-00820

CVE-2023-22239

ZDI-23-147

Affected Products

After Effects

PT-2021-7648 · Adobe · After Effects

CVE-2023-22239

Weakness Enumeration

Related Identifiers

Affected Products

References · 7