CVE-2021-40715: 
Adobe Premiere Pro vulnerability analysis and mitigation

Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability (CVE-2021-40715) that was disclosed on September 29, 2021. The vulnerability occurs due to insecure handling of malicious .exr files, which could potentially result in arbitrary code execution in the context of the current user. User interaction is required as the victim must open a specially crafted file to exploit this vulnerability (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-788 (Access of Memory Location After End of Buffer) (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. This could potentially lead to unauthorized access, data manipulation, or system compromise within the user's permission level (NVD).

Adobe has addressed this vulnerability in version 15.4.1 of Premiere Pro. Users are advised to update to the latest version to mitigate this security risk (ManageEngine).