CVE-2021-28630: 
NixOS vulnerability analysis and mitigation

Adobe Animate version 21.0.6 and earlier versions are affected by an Out-of-bounds Read vulnerability. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was publicly disclosed on June 10, 2021. This security flaw affects Adobe Animate software installations and requires user interaction for exploitation (ZDI Advisory, NVD).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) that occurs during the parsing of FLA files. The issue stems from inadequate validation of user-supplied data, which can result in a read operation past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 Base Score of 3.3 (Low) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N, indicating local access requirements and user interaction for exploitation (ZDI Advisory, NVD).

If successfully exploited, this vulnerability could allow an unauthenticated attacker to disclose potential sensitive information in the context of the current user. The impact is limited to information disclosure, with no direct impact on system integrity or availability (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Animate through the official Adobe security bulletin (Adobe Advisory).