CVE-2021-42721

HIGH

Adobe Media Encoder < 15.4 - Use-After-Free in Format Event Action Processing

Title source: llm
STIX 2.1

Description

Acrobat Bridge versions 11.1.1 and earlier are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0354
EPSS Percentile 87.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (1)
adobe/media_encoder < 15.4
Published Nov 16, 2021
Tracked Since Feb 18, 2026