Bulletin ID
Security updates available for Adobe Premiere Elements | APSB21-78
|
Date Published |
Priority |
---|---|---|
ASPB21-78 |
September 14, 2021 |
3 |
Summary
Affected Versions
Product |
Version |
Platform |
---|---|---|
Adobe Premiere Elements |
2021 [build 19.0 (20210127.daily.2235820) and earlier] |
Windows and macOS |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users to download the new installer and upgrade their installations.
Product |
Version |
Platform |
Priority |
Availability |
---|---|---|---|---|
Adobe Premiere Elements |
2021 [build 19.0 (20210809.daily.2242976)] |
Windows and macOS |
3 |
To verify the version of Premiere Elements on your system, please follow the following steps:
- Help
- About Premiere Elements menu
- The splash screen would show the current version and build number.
Vulnerability details
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Numbers |
|
---|---|---|---|---|---|
Access of Memory Location After End of Buffer (CWE-788) |
Arbitrary code execution |
Critical |
8.8 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-39824 |
Access of Memory Location After End of Buffer (CWE-788) |
Arbitrary code execution |
Important |
5.5 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
CVE-2021-40701 |
Access of Memory Location After End of Buffer (CWE-788) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-40700 CVE-2021-40703 CVE-2021-40702 |
Acknowledgments
Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers:
- CQY of Topsec Alpha Team (yjdfy) (CVE-2021-40700, CVE-2021-39824, CVE-2021-40702)
- CFF of Topsec Alpha Team (cff_123) (CVE-2021-40703, CVE-2021-40701)
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.