CVE-2023-47058 – ZDI-CAN-21766: Adobe Premiere Pro MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-47058
Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Adobe Premiere Pro versión 24.0 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de lectura fuera de los límites al analizar un archivo manipulado, lo que podría dar lugar a una lectura más allá del final de una estructura de memoria asignada. Un atacante podría aprovechar esta vulnerabilidad para ejecutar código en el contexto del usuario actual. • https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html • CWE-125: Out-of-bounds Read •
CVE-2023-22234 – Adobe Premiere Rush PSD file Stack-based Buffer Overflow Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-22234
Adobe Premiere Rush version 2.6 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/premiere_rush/apsb23-14.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-22244 – Adobe Premiere Rush PSD files Use After Free Arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-22244
Adobe Premiere Rush version 2.6 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. • https://helpx.adobe.com/security/products/premiere_rush/apsb23-14.html • CWE-416: Use After Free •
CVE-2022-34235 – Adobe Premiere Elements Uncontrolled Search Path Element Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-34235
Adobe Premiere Elements version 2020v20 (and earlier) is affected by an Uncontrolled Search Path Element which could lead to Privilege Escalation. An attacker could leverage this vulnerability to obtain admin using an existing low-privileged user. Exploitation of this issue does not require user interaction. Adobe Premiere Elements versiones 2020v20 (y anteriores) está afectada por un elemento de ruta de búsqueda no controlada que podría conllevar a una elevación de privilegios. Un atacante podría aprovechar esta vulnerabilidad para obtener la administración usando un usuario poco privilegiado. • https://helpx.adobe.com/security/products/premiere_elements/apsb22-43.html • CWE-427: Uncontrolled Search Path Element •
CVE-2021-46816 – Adobe Premiere Pro M4A file memory corruption vulnerability could lead to remote code execution
https://notcve.org/view.php?id=CVE-2021-46816
Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. Adobe Premiere Pro versión 15.4 (y anteriores), están afectadas por una vulnerabilidad de corrupción de memoria. Un atacante no autenticado podría aprovechar esta vulnerabilidad para lograr una ejecución de código arbitrario en el contexto del usuario actual. • https://helpx.adobe.com/security/products/premiere_pro/apsb21-67.html • CWE-787: Out-of-bounds Write •