Multiple vulnerabilities in Adobe Audition



Published: 2021-11-02
Risk High
Patch available YES
Number of vulnerabilities 9
CVE-ID CVE-2021-40734
CVE-2021-40735
CVE-2021-40736
CVE-2021-40737
CVE-2021-40738
CVE-2021-40739
CVE-2021-40740
CVE-2021-40741
CVE-2021-40742
CWE-ID CWE-788
CWE-476
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Adobe Audition
Client/Desktop applications / Other client software

Vendor Adobe

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57865

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-40734

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Audition: 14.0 - 14.4


CPE2.3 External links

http://helpx.adobe.com/security/products/audition/apsb21-92.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57866

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-40735

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Audition: 14.0 - 14.4


CPE2.3 External links

http://helpx.adobe.com/security/products/audition/apsb21-92.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57867

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-40736

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Audition: 14.0 - 14.4


CPE2.3 External links

http://helpx.adobe.com/security/products/audition/apsb21-92.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) NULL pointer dereference

EUVDB-ID: #VU57872

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-40737

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Audition: 14.0 - 14.4


CPE2.3 External links

http://helpx.adobe.com/security/products/audition/apsb21-92.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57868

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-40738

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Audition: 14.0 - 14.4


CPE2.3 External links

http://helpx.adobe.com/security/products/audition/apsb21-92.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57869

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-40739

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Audition: 14.0 - 14.4


CPE2.3 External links

http://helpx.adobe.com/security/products/audition/apsb21-92.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57870

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-40740

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Audition: 14.0 - 14.4


CPE2.3 External links

http://helpx.adobe.com/security/products/audition/apsb21-92.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Access of Memory Location After End of Buffer

EUVDB-ID: #VU57871

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-40741

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Audition: 14.0 - 14.4


CPE2.3 External links

http://helpx.adobe.com/security/products/audition/apsb21-92.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) NULL pointer dereference

EUVDB-ID: #VU57873

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-40742

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Adobe Audition: 14.0 - 14.4


CPE2.3 External links

http://helpx.adobe.com/security/products/audition/apsb21-92.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###