Description
Audition versions 25.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-02-10
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Adobe Audition versions 25.3 and earlier contain a memory corruption flaw. Based on the description, it is inferred that the flaw involves memory access beyond the end of a buffer, which may lead to a crash or become unresponsive, resulting in a denial of service. The weakness is identified as CWE‑788.

Affected Systems

The vulnerability affects Adobe Audition products distributed to users under copyright of Adobe. All installations running version 25.3 or older are impacted. More recent releases after 25.3 have fixed the flaw.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while the EPSS score of less than 1% shows a very low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires a victim to open a specially crafted file; thus the attack vector is local file-based and needs user interaction. Because of the low probability and the lack of remote access requirements, the overall risk is moderate but still significant enough to warrant timely remediation.

Generated by OpenCVE AI on April 18, 2026 at 12:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe Audition to the latest patch version that addresses the memory boundary issue.
  • Restrict users from opening unknown or untrusted media files in Audition unless verified.
  • Monitor application logs and system stability for signs of crashes or hangs linked to media file handling.

Generated by OpenCVE AI on April 18, 2026 at 12:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 11 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Feb 2026 16:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:adobe:audition:*:*:*:*:*:*:*:*

Tue, 10 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe audition
Vendors & Products Adobe
Adobe audition

Tue, 10 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Description Audition versions 25.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Audition | Access of Memory Location After End of Buffer (CWE-788)
Weaknesses CWE-788
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Adobe Audition
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-02-11T15:21:45.604Z

Reserved: 2025-12-12T22:01:18.193Z

Link: CVE-2026-21316

cve-icon Vulnrichment

Updated: 2026-02-11T15:21:38.683Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-10T18:16:28.870

Modified: 2026-02-11T15:58:07.260

Link: CVE-2026-21316

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T13:00:08Z

Weaknesses