CVE-2021-43746

MEDIUM

Adobe Premiere Rush <1.5.16 - Info Disclosure

Title source: llm

Description

Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. The issue results from the lack of proper initialization of memory prior to accessing it.

References (1)

[Vendor Advisory] https://helpx.adobe.com/security/products/premiere_rush/apsb21-101.html

Scores

CVSS v3 5.5

EPSS 0.0077

EPSS Percentile 73.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-824

Status published

Products (1)

adobe/premiere_rush < 1.5.16

Published Dec 20, 2021

Tracked Since Feb 18, 2026