CVE-2021-21092: 
Adobe Bridge vulnerability analysis and mitigation

Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by a memory corruption vulnerability when parsing a specially crafted file. The vulnerability, identified as CVE-2021-21092, was discovered in December 2020 and publicly disclosed on April 15, 2021. This vulnerability affects the DCM file parsing functionality in Adobe Bridge (ZDI Advisory, NVD).

The vulnerability is classified as a memory corruption issue that occurs during the processing of DCM files. The specific flaw exists due to the lack of proper validation of user-supplied data, which can result in a memory corruption condition. It has been assigned a CVSS v3.0 base score of 7.8 (High) with the vector string: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI Advisory).

A successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability affects the confidentiality, integrity, and availability of the system with high severity ratings for each aspect (NVD).

Adobe has issued security updates to address this vulnerability. Users should update to versions newer than Adobe Bridge 10.1.1 and 11.0.1 respectively (Adobe Advisory).