Skip to main content

Prelude CVE-2021-40774

MEDIUM
NULL Pointer Dereference (CWE-476)
2021-11-22 psirt@adobe.com
5.5
CVSS 3.1 · Vendor: adobe
Share

Severity by source

Vendor (adobe) PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from Vendor (adobe) · only source for this CVE.

CVSS VectorVendor: adobe

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 22, 2021 - 16:15 cve.org
MEDIUM 5.5

DescriptionCVE.org

Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AnalysisAI

Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Affected products include: Adobe Prelude. Version information: version 10.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2020-9680 HIGH
8.8 Jul 22

Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this v

CVE-2020-9678 HIGH
8.8 Jul 22

Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this v

CVE-2020-9677 HIGH
8.8 Jul 22

Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 8.8), this vu

CVE-2021-42738 HIGH
7.8 Nov 22

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a

CVE-2021-42737 HIGH
7.8 Nov 22

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a

CVE-2021-40775 HIGH
7.8 Nov 22

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a

CVE-2021-40772 HIGH
7.8 Nov 22

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a

CVE-2021-40771 HIGH
7.8 Nov 22

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a

CVE-2021-40770 HIGH
7.8 Nov 22

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a

CVE-2021-43012 HIGH
7.8 Nov 16

Adobe Prelude version 10.1 (and earlier) are affected by a memory corruption vulnerability. Rated high severity (CVSS 7.

CVE-2021-43011 HIGH
7.8 Nov 16

Adobe Prelude version 10.1 (and earlier) are affected by a memory corruption vulnerability. Rated high severity (CVSS 7.

CVE-2021-35999 HIGH
7.8 Aug 20

Adobe Prelude version 10.0 (and earlier) is affected by a memory corruption vulnerability when parsing a specially craft

Share

CVE-2021-40774 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy