CVE-2021-28600: 
Adobe After Effects vulnerability analysis and mitigation

Adobe After Effects version 18.2 and earlier versions were found to contain an Out-of-bounds Read vulnerability (CVE-2021-28600) when parsing specially crafted files. The vulnerability was disclosed and documented on August 24, 2021. This security flaw affects Adobe After Effects software running on various operating systems (NVD, Adobe Advisory).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) issue that occurs during file parsing operations. The CVSS v3.1 base score is 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating local access, low attack complexity, no privileges required, and user interaction required. Under CVSS v2.0, it received a base score of 4.3 (Medium) with the vector (AV:N/AC:M/Au:N/C:P/I:N/A:N) (NVD).

If successfully exploited, this vulnerability could allow an unauthenticated attacker to disclose sensitive memory information in the context of the current user. The impact is primarily focused on data confidentiality, with no direct impact on system integrity or availability (NVD).

Adobe has addressed this vulnerability in their security advisory. Users are advised to update their Adobe After Effects software to versions newer than 18.2 to mitigate this security risk (Adobe Advisory).