CVE-2023-47040

Name of the Vulnerable Software and Affected Versions Adobe Media Encoder versions 24.0.2 and earlier Adobe Media Encoder versions 23.6 and earlier

Description The issue is related to an out-of-bounds read vulnerability in Adobe Media Encoder when parsing a crafted file. This could result in reading past the end of an allocated memory structure, potentially allowing an attacker to execute code in the context of the current user. Exploitation requires user interaction, where a victim must open a malicious file.

Recommendations For Adobe Media Encoder versions 24.0.2 and earlier, update to a version later than 24.0.2 to resolve the issue. For Adobe Media Encoder versions 23.6 and earlier, update to a version later than 23.6 to resolve the issue. As a temporary workaround, consider avoiding the use of crafted MP4 files in Adobe Media Encoder until a patch is available.