Description
Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-03-10
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Execution of code in user context
Action: Apply Patch
AI Analysis

Impact

Premiere Pro up to version 25.5 contains an out‑of‑bounds read that enables an attacker to read beyond an allocated buffer while parsing a crafted media file. The flaw can be exploited to execute code in the context of the current user, potentially allowing full control of the host system. Because the vulnerability requires the user to open a malicious file, it is a local code‑execution risk that can be leveraged by social engineering or malware distribution techniques.

Affected Systems

Adobe Premiere Pro on both macOS and Windows platforms is affected; all installations running version 25.5 or earlier are vulnerable. The crafted file must be processed by the application on either OS.

Risk and Exploitability

The CVSS score of 7.8 classifies the flaw as high severity. EPSS indicates less than 1 percent probability of exploitation, and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires a crafted file and user interaction; an attacker typically would need to convince a target to open or preview the file, making the attack medium‑to‑low risk in uncontrolled environments.

Generated by OpenCVE AI on April 16, 2026 at 03:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe Premiere Pro to the latest major version that is greater than 25.5
  • Configure the application or environment so it does not automatically open media files, and verify that only trusted files are processed
  • Apply standard file‑type validation or sandboxing where possible to isolate the media processing pipeline

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 13:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple, Apple macos, Microsoft, Microsoft windows
CPEs | | cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:*, cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*, cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products | | Apple, Apple macos, Microsoft, Microsoft windows

Wed, 11 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Adobe, Adobe premiere Pro
Vendors & Products | | Adobe, Adobe premiere Pro

Tue, 10 Mar 2026 20:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 10 Mar 2026 19:00:00 +0000

Type | Values Removed | Values Added
Description | | Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title | | Premiere Pro | Out-of-bounds Read (CWE-125)
Weaknesses | | CWE-125
References | |
Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-03-11T03:56:57.635Z

Reserved: 2026-02-18T22:02:41.387Z

Link: CVE-2026-27269

Vulnrichment

Updated: 2026-03-10T19:10:40.214Z

NVD

Status: Analyzed

Published: 2026-03-10T19:17:18.980

Modified: 2026-03-12T13:27:01.557

Link: CVE-2026-27269

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T03:45:16Z

Weaknesses