CVE-2021-43758 - Vulnerability Details - OpenCVE

Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Adobe	Media Encoder
Apple	Macos
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:adobe:media_encoder::::::::
	cpe:2.3:a:adobe:media_encoder:22.0:::::::*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

No data.

References

Link	Providers
https://helpx.adobe.com/security/products/media-encoder/apsb21-118.html

History

Wed, 05 Mar 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2023-07-12T11:17:43.644Z

Updated: 2025-03-05T18:53:59.844Z

Reserved: 2021-11-15T21:18:52.500Z

Link: CVE-2021-43758

Vulnrichment

Updated: 2024-08-04T04:03:08.812Z

NVD

Status : Modified

Published: 2023-07-12T12:15:09.437

Modified: 2024-11-21T06:29:43.817

Link: CVE-2021-43758

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-43758", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2021-11-15T21:18:52.500Z", "datePublished": "2023-07-12T11:17:43.644Z", "dateUpdated": "2025-03-05T18:53:59.844Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Media Encoder", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "15.4.2", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2021-12-14T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 3.3, "environmentalSeverity": "LOW", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 3.3, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2023-07-12T11:17:43.644Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/media-encoder/apsb21-118.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:03:08.812Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://helpx.adobe.com/security/products/media-encoder/apsb21-118.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-05T18:35:44.228903Z", "id": "CVE-2021-43758", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-05T18:53:59.844Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-43758", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2021-11-15T21:18:52.500Z", "datePublished": "2023-07-12T11:17:43.644Z", "dateUpdated": "2025-03-05T18:53:59.844Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Media Encoder", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "15.4.2", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2021-12-14T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 3.3, "environmentalSeverity": "LOW", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "LOW", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 3.3, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2023-07-12T11:17:43.644Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/media-encoder/apsb21-118.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:03:08.812Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://helpx.adobe.com/security/products/media-encoder/apsb21-118.html"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-43758", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-05T18:35:44.228903Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-05T18:35:45.480Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:media_encoder:*:*:*:*:*:*:*:*", "matchCriteriaId": "83E97086-4A91-4529-9143-121407A34C76", "versionEndExcluding": "15.4.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:media_encoder:22.0:*:*:*:*:*:*:*", "matchCriteriaId": "B9AFEE41-4C50-4D43-9963-CF015A7BA056", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file."}], "id": "CVE-2021-43758", "lastModified": "2024-11-21T06:29:43.817", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "psirt@adobe.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-12T12:15:09.437", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/media-encoder/apsb21-118.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/media-encoder/apsb21-118.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "psirt@adobe.com", "type": "Secondary"}]}