
=====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN572
_____________________________________________________________________

DATE                : 27/10/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe Premiere Pro versions
                                 prior to 22.0.

=====================================================================
https://helpx.adobe.com/security/products/premiere_pro/apsb21-100.html
_____________________________________________________________________


Last updated on Oct 26, 2021

Security Updates Available for Adobe Premiere Pro | APSB21-100

Bulletin ID         Date Published            Priority

APSB21-100          October 26, 2021          3


Summary

Adobe has released updates for Adobe Premiere Pro for Windows and
macOS. This update addresses critical, important and
moderate vulnerabilities. Successful exploitation could lead to
arbitrary code execution, privilege escalation and application denial of
service.


Affected Versions

Product               Version                        Platform

Adobe Premiere Pro    15.4.1 and earlier versions    Windows and macOS


Solution

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version via the
Creative Cloud desktop app’s update mechanism.  For more information,
please reference this help page.

Product             Version  Platform           Priority Rating  Availability

Adobe Premiere Pro  22.0     Windows and macOS  3                Download Center

For managed environments, IT administrators can use the Admin Console to
deploy Creative Cloud applications to end users. Refer to this help page
for more information.


Vulnerability details

Vulnerability Category
Vulnerability Impact            Severity     CVSS base score
CVSS vector                                     CVE Numbers

Access of Memory Location After End of Buffer (CWE-788)
Arbitrary code execution        Critical     7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H    CVE-2021-40792

Access of Memory Location After End of Buffer (CWE-788)
Arbitrary code execution        Critical     7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H    CVE-2021-40793

Access of Memory Location After End of Buffer (CWE-788)
Arbitrary code execution        Critical     7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H    CVE-2021-40794

NULL Pointer Dereference (CWE-476)
Application denial of service   Important    5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H    CVE-2021-40796

NULL Pointer Dereference (CWE-476)
Application denial of service   Important    5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H    CVE-2021-42263

NULL Pointer Dereference (CWE-476)
Application denial of service   Important    5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H    CVE-2021-42264


Acknowledgments

Adobe would like to thank the following for reporting these issues and
for working with Adobe to help protect our customers:

    (hy350) HY350 of Topsec Alpha Team - CVE-2021-42264; CVE-2021-42263;
    CVE-2021-40796

    (yjdfy) CQY of Topsec Alpha Team - CVE-2021-40793

    (cff_123) CFF of Topsec Alpha Team - CVE-2021-40794; CVE-2021-40792

  

For more information, visit https://helpx.adobe.com/security.html, or
email PSIRT@adobe.com


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================



