Bulletin ID
Security updates available for Adobe Premiere Elements | APSB21-106
|  | Date Published | Priority | 
|---|---|---|
| ASPB21-106 | October 26, 2021 | 3 | 
Summary
Affected Versions
| Product | Version | Platform | 
|---|---|---|
| Adobe Premiere Elements | 2021 [build 19.0 (20210809.daily.2242976) and earlier]  | Windows and macOS | 
Solution
Adobe categorizes these updates with the following priority ratings and recommends users to download the new installer and upgrade their installations.
| Product | Version | Platform | Priority | Availability | 
|---|---|---|---|---|
| Adobe Premiere Elements | 2021 [build 19.0 (20211007.daily.2243969) | Windows and macOS       | 3 | 
To verify the version of Premiere Elements on your system, please follow the following steps:
- Help
- About Premiere Elements menu
- The splash screen would show the current version and build number.
Vulnerability details
| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score  | CVE Numbers | |
|---|---|---|---|---|---|
| NULL Pointer Dereference (CWE-476)  | Memory leak | Critical | 8.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H  | CVE-2021-40785  | 
| Access of Memory Location After End of Buffer (CWE-788) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  | CVE-2021-40786    | 
| Access of Memory Location After End of Buffer (CWE-788) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  | CVE-2021-40787   | 
| NULL Pointer Dereference (CWE-476)  | Application denial of service  | Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H  | CVE-2021-40788    | 
| NULL Pointer Dereference (CWE-476)  | Application denial of service  | Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H  | CVE-2021-40789   | 
| Access of Memory Location After End of Buffer (CWE-788)  | Arbitrary code execution  | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  | CVE-2021-42526   | 
| Access of Memory Location After End of Buffer (CWE-788)  | Arbitrary code execution  | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  | CVE-2021-42527 | 
Acknowledgments
Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers:
- (yjdfy) CQY of Topsec Alpha Team CVE-2021-40786; CVE-2021-40787; CVE-2021-42526; CVE-2021-42527 
- (hy350) HY350 of Topsec Alpha Team CVE-2021-40789; CVE-2021-40788; CVE-2021-40785 
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.