CVE-2021-40734: 
Adobe Audition vulnerability analysis and mitigation

Adobe Audition version 14.4 and earlier versions are affected by a memory corruption vulnerability when parsing SVG files. The vulnerability was disclosed in October 2021 and assigned identifier CVE-2021-40734. This security flaw requires user interaction to be exploited and potentially allows arbitrary code execution in the context of the current user (NVD, Adobe Advisory).

The vulnerability is classified as a memory corruption issue, specifically an 'Access of Memory Location After End of Buffer' (CWE-788) vulnerability. It received a CVSS v3.0 base score of 7.8 (High) with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The CVSS v2.0 base score is 9.3 with the vector (AV:N/AC:M/Au:N/C:C/I:C/A:C) (NVD).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user, potentially allowing an attacker to take control of the affected system. The vulnerability affects confidentiality, integrity, and availability of the system, as indicated by the high CVSS scores (Threatpost).

Adobe has released patches to address this vulnerability in Adobe Audition. Users are advised to update to the latest version of the software. The fix was released as part of Adobe's October 2021 security updates (Adobe Advisory).

The vulnerability was part of a larger Adobe security update that addressed 92 vulnerabilities across 14 products, with 66 rated as critical. The discovery was credited to security researchers from TopSec Alpha Team and Trend Micro's Zero-Day Initiative (ZDI) (Threatpost).