CVE-2021-21091

Description


Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CvssV3 impact


Version

3.1

VectorString

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AttackVector

LOCAL

AttackComplexity

LOW

PrivilegesRequired

NONE

UserInteraction

REQUIRED

Scope

UNCHANGED

ConfidentialityImpact

LOW

IntegrityImpact

NONE

AvailabilityImpact

NONE

BaseScore

3.3

BaseSeverity

LOW

CvssV2 impact


AccessComplexity

MEDIUM

ConfidentialityImpact

PARTIAL

AvailabilityImpact

NONE

IntegrityImpact

NONE

BaseScore

4.3

VectorString

AV:N/AC:M/Au:N/C:P/I:N/A:N

Version

2.0

AccessVector

NETWORK

Authentication

NONE