Multiple vulnerabilities in Adobe Bridge



Published: 2022-01-11 | Updated: 2022-01-14
Risk: High
Patch available: YES
Number of vulnerabilities: 6
CVE-ID: CVE-2021-44187, CVE-2021-44186, CVE-2021-44185, CVE-2021-44743, CVE-2021-45051, CVE-2021-45052
CWE-ID: CWE-125, CWE-787, CWE-416
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Adobe Bridge (Client/Desktop applications / Multimedia software)
Vendor: Adobe

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU58827

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-44187

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted SGI file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Bridge: 9.0.2 - 9.1, 10.0 - 10.1.3, 11.0.0 - 11.1.2, 12.0


External links

http://helpx.adobe.com/security/products/bridge/apsb21-94.html
http://helpx.adobe.com/security/products/bridge/apsb22-03.html

2) Out-of-bounds read

EUVDB-ID: #VU58826

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-44186

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted SGI file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Bridge: 9.0.2 - 9.1, 10.0 - 10.1.3, 11.0.0 - 11.1.2, 12.0


External links

http://helpx.adobe.com/security/products/bridge/apsb21-94.html
http://helpx.adobe.com/security/products/bridge/apsb22-03.html

3) Out-of-bounds read

EUVDB-ID: #VU58825

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-44185

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted RGB file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Bridge: 9.0.2 - 9.1, 10.0 - 10.1.3, 11.0.0 - 11.1.2, 12.0


External links

http://helpx.adobe.com/security/products/bridge/apsb21-94.html
http://helpx.adobe.com/security/products/bridge/apsb22-03.html

4) Out-of-bounds write

EUVDB-ID: #VU59452

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-44743

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing JPG2000 images. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Bridge: 11.0.0 - 11.1.2, 12.0


External links

http://helpx.adobe.com/security/products/bridge/apsb22-03.html
http://www.zerodayinitiative.com/advisories/ZDI-22-063/

5) Use-after-free

EUVDB-ID: #VU59453

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-45051

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a use-after-free error when processing JPG2000 images. A remote attacker can trick the victim into opening a specially crafted file, trigger a use-after-free error and gain access to sensitive information.


Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Bridge: 11.0.0 - 11.1.2, 12.0


External links

http://helpx.adobe.com/security/products/bridge/apsb22-03.html
http://www.zerodayinitiative.com/advisories/ZDI-22-065/

6) Out-of-bounds read

EUVDB-ID: #VU59454

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-45052

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when parsing TIFF files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Adobe Bridge: 11.0.0 - 11.1.2, 12.0


External links

http://helpx.adobe.com/security/products/bridge/apsb22-03.html
http://www.zerodayinitiative.com/advisories/ZDI-22-064/
