Skip to main content

Adobe Media Encoder EUVDEUVD-2026-44447

| CVE-2026-47971 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-07-14 adobe GHSA-rvrg-6mx8-rph8
7.8
CVSS 3.1 · Vendor: adobe
Share

Severity by source

Vendor (adobe) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local file-parsing flaw needing the victim to open a malicious file (AV:L/UI:R), no prior privileges (PR:N), yielding full code execution in the user's context (C/I/A:H).

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (adobe).

CVSS VectorVendor: adobe

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 21:19 vuln.today
CVE Published
Jul 14, 2026 - 19:58 cve.org
HIGH 7.8

DescriptionCVE.org

Media Encoder is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AnalysisAI

Arbitrary code execution in Adobe Media Encoder arises from a stack-based buffer overflow (CWE-121) triggered when a victim opens a maliciously crafted media file, allowing an attacker to run code in the context of the current user. The CVSS 3.1 base score is 7.8 (local vector, user interaction required, no privileges needed). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious media file
Delivery
Deliver via email or share
Exploit
Victim opens file in Media Encoder
Execution
Overflow fixed-size stack buffer
Persist
Hijack control flow
Impact
Execute code as current user

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to open a maliciously crafted file in Adobe Media Encoder (UI:R), and the attack executes locally on the user's workstation (AV:L) with no attacker authentication or elevated privileges needed (PR:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals point to a real but user-interaction-gated risk rather than an internet-facing emergency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious media or project file that overflows a stack buffer in Media Encoder's parser and emails or shares it with a target editor or media-production user. When the victim opens the file, the overflow hijacks control flow and executes attacker code with the victim's privileges, potentially installing malware or stealing data. …
Remediation Patch available per vendor advisory: update Adobe Media Encoder to the fixed release listed in Adobe security bulletin APSB26-72 (https://helpx.adobe.com/security/products/media-encoder/apsb26-72.html); the exact patched version string is not present in the supplied input, so pull it directly from that advisory and apply the vendor update or use the Creative Cloud desktop app's update mechanism. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all Adobe Media Encoder installations across the organization and notify affected users to avoid opening media files from untrusted sources; simultaneously, prepare communication for leadership summarizing the risk window. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-44447 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy