CVE-2021-45054

LOW

Adobe InCopy < 16.4 - Use-After-Free in JPEG2000 File Processing

Title source: llm
STIX 2.1

Description

Adobe InCopy version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

References (1)

Core 1
Core References

Scores

CVSS v3 3.3
EPSS 0.0203
EPSS Percentile 78.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (1)
adobe/incopy < 16.4
Published Jan 13, 2022
Tracked Since Feb 18, 2026