Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-36073
CVE-2021-36073:
Adobe Bridge vulnerability analysis and mitigation
Overview
Adobe Bridge version 11.1 and earlier versions were found to contain a heap-based buffer overflow vulnerability when parsing crafted .SGI files. The vulnerability was disclosed on September 1, 2021, and was assigned the identifier CVE-2021-36073. The discovery was credited to Kdot, who worked with Trend Micro's Zero Day Initiative to report this security issue (NVD, Adobe Security).
Technical details
The vulnerability is classified as a heap-based buffer overflow (CWE-122, CWE-787) that occurs during the parsing of .SGI files in Adobe Bridge. This type of vulnerability typically involves writing data beyond the bounds of allocated memory on the heap (NVD).
Impact
A successful exploitation of this vulnerability could potentially lead to arbitrary code execution on affected systems running Adobe Bridge 11.1 or earlier versions (NVD).
Mitigation and workarounds
Adobe addressed this vulnerability through a security update for Adobe Bridge. Users were advised to update their software to the latest version to mitigate the risk (Adobe Security).
Additional resources
Source: This report was generated using AI
Related Adobe Bridge vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management