Bulletin ID
Security Updates Available for Adobe Media Encoder | APSB21-43
Bulletin ID |
Date Published |
Priority |
---|---|---|
APSB21-43 |
July 20, 2021 |
3 |
Product |
Version |
Platform |
---|---|---|
Adobe Media Encoder |
15.2 and earlier versions |
Windows |
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app's update mechanism. For more information, please reference this help page.
Product |
Version |
Platform |
Priority |
---|---|---|---|
Adobe Media Encoder |
15.4 |
Windows and macOS |
3 |
For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. Refer to this help page for more information.
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Numbers |
|
---|---|---|---|---|---|
Out-of-bounds Read (CWE-125) |
Memory leak |
Moderate |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-28589 CVE-2021-28590 CVE-2021-36013 |
Improper Input Validation (CWE-20) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-36014 |
Access of Memory Location After End of Buffer (CWE-788) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-36015 |
Out-of-bounds Read (CWE-125) |
Arbitrary file system read |
Moderate |
3.3 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
CVE-2021-36016 |
Adobe would like to thank the following for reporting the relevant issues and for working with Adobe to help protect our customers:
July 29, 2021: Updated the Vulnerability Impact, Severity, CVSS base score and the CVSS vector for CVE-2021-36016, CVE-2021-36014, CVE-2021-28589, CVE-2021-36013 and CVE-2021-28590
August 5, 2021: Included details about CVE-2021-36060.
For more information, visit https://helpx.adobe.com/security.html , or email PSIRT@adobe.com
Sign in to your account