CVE-2021-45051

LOW

Adobe Bridge < 11.1.3 and 12.0 - Use-After-Free in Format Event Processing

Title source: llm
STIX 2.1

Description

Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an use-after-free vulnerability in the processing of Format event actions that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

References (1)

Core 1
Core References

Scores

CVSS v3 3.3
EPSS 0.0274
EPSS Percentile 84.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (2)
adobe/bridge 12.0
adobe/bridge < 11.1.3
Published Jan 14, 2022
Tracked Since Feb 18, 2026