Adobe Security Bulletin

Security Updates Available for Adobe Audition | APSB21-92

Bulletin ID

Date Published

Priority

ASPB21-92

October 26, 2021           

3

Summary

Adobe has released an update for Adobe Audition for Windows and macOS. This update resolves multiple critical and important arbitrary code execution and application denial-of-service vulnerabilities.                

Affected Versions

Product

Version

Platform

Adobe Audition

14.4  and earlier versions          

Windows and macOS

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app’s update mechanism.  For more information, please reference this help page.

Product

Version

Platform

Priority Rating

Availability

Adobe Audition

22.0

Windows and macOS

3

Download Center      

Adobe Audition

14.4.2

Windows and macOS

3

Download Center      

For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. Refer to this help page for more information.

Vulnerability details

Vulnerability Category

Vulnerability Impact

Severity

CVSS base score 

CVE Numbers

Access of Memory Location After End of Buffer (CWE-788

Arbitrary code execution

Critical

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 

CVE-2021-40734 

Access of Memory Location After End of Buffer (CWE-788

Arbitrary code execution

Critical

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 
 

CVE-2021-40735 

Access of Memory Location After End of Buffer (CWE-788

Arbitrary code execution

Critical

7.8

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 
 

CVE-2021-40736 

NULL Pointer Dereference (CWE-476)

Application denial-of-service 

important

5.5


CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 
 

CVE-2021-40737 

Access of Memory Location After End of Buffer (CWE-788

Arbitrary code execution

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 
 
 

CVE-2021-40738 

Access of Memory Location After End of Buffer (CWE-788

Arbitrary code execution

Critical

7.8


CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 
 
 

CVE-2021-40739 

Access of Memory Location After End of Buffer (CWE-788

Arbitrary code execution

Critical

7.8


CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 
 
 

CVE-2021-40740 

Access of Memory Location After End of Buffer (CWE-788

Application denial-of-service 

important

5.5



CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
 

CVE-2021-40741 

NULL Pointer Dereference (CWE-476

Application denial-of-service 

important

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
 
 

CVE-2021-40742 

Acknowledgments


Adobe would like to thank hy350, yjdfy and cff_123  of Topsec Alpha Team for reporting these issues and for working with Adobe to help protect our customers.        

  • (hy350) HY350 of Topsec Alpha Team (CVE-2021-40737; CVE-2021-40742)

  • (yjdfy) CQY of Topsec Alpha Team (CVE-2021-40734; CVE-2021-40738; CVE-2021-40739; CVE-2021-40740)

  • (cff_123) CFF of Topsec Alpha Team (CVE-2021-40735; CVE-2021-40736; CVE-2021-40741)

 

Revisions


October 28, 2021: Added row to solution table for N-1 version.

 


For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com

 Adobe

Get help faster and easier

New user?

Adobe MAX 2024

Adobe MAX
The Creativity Conference

Oct 14–16 Miami Beach and online

Adobe MAX

The Creativity Conference

Oct 14–16 Miami Beach and online

Adobe MAX 2024

Adobe MAX
The Creativity Conference

Oct 14–16 Miami Beach and online

Adobe MAX

The Creativity Conference

Oct 14–16 Miami Beach and online