SB2021110103 - Multiple vulnerabilities in Adobe Prelude

Description

This security bulletin contains information about 11 secuirty vulnerabilities.

1) Access of Memory Location After End of Buffer (CVE-ID: CVE-2021-40770)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.

2) Access of Memory Location After End of Buffer (CVE-ID: CVE-2021-40771)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

3) Access of Memory Location After End of Buffer (CVE-ID: CVE-2021-40772)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

4) NULL pointer dereference (CVE-ID: CVE-2021-40773)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

5) NULL pointer dereference (CVE-ID: CVE-2021-40774)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

6) Access of Memory Location After End of Buffer (CVE-ID: CVE-2021-40775)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

7) Access of Memory Location After End of Buffer (CVE-ID: CVE-2021-42738)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

8) Access of Memory Location After End of Buffer (CVE-ID: CVE-2021-42737)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

9) Access of Memory Location After End of Buffer (CVE-ID: CVE-2021-43011)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

10) Access of Memory Location After End of Buffer (CVE-ID: CVE-2021-43012)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

11) Input validation error (CVE-ID: CVE-2021-42733)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

• https://helpx.adobe.com/security/products/prelude/apsb21-96.html