SB2021110304 - Multiple vulnerabilities in Adobe After Effects

Description

This security bulletin contains information about 11 secuirty vulnerabilities.

1) Access of Memory Location After End of Buffer (CVE-ID: CVE-2021-40751)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

2) Access of Memory Location After End of Buffer (CVE-ID: CVE-2021-40752)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

3) Access of Memory Location After End of Buffer (CVE-ID: CVE-2021-40753)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

4) Access of Memory Location After End of Buffer (CVE-ID: CVE-2021-40754)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

5) Access of Memory Location After End of Buffer (CVE-ID: CVE-2021-40755)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

6) NULL pointer dereference (CVE-ID: CVE-2021-40756)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

7) Access of Memory Location After End of Buffer (CVE-ID: CVE-2021-40757)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

8) Access of Memory Location After End of Buffer (CVE-ID: CVE-2021-40758)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

9) Access of Memory Location After End of Buffer (CVE-ID: CVE-2021-40759)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

10) Access of Memory Location After End of Buffer (CVE-ID: CVE-2021-40760)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

11) NULL pointer dereference (CVE-ID: CVE-2021-40761)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://helpx.adobe.com/security/products/after_effects/apsb21-79.html