CVE-2021-40738: 
Adobe Audition vulnerability analysis and mitigation

Adobe Audition version 14.4 and earlier versions were found to contain a memory corruption vulnerability when parsing WAV files. This vulnerability was identified and disclosed in October 2021, assigned the identifier CVE-2021-40738 (NVD, Adobe Security).

The vulnerability is classified as a memory corruption issue, specifically an 'Access of Memory Location After End of Buffer' vulnerability (CWE-788/CWE-119). This type of vulnerability occurs when the software attempts to access memory locations after the end of a buffer, which can potentially lead to arbitrary code execution (Threatpost).

The vulnerability could potentially result in arbitrary code execution on affected systems, allowing attackers to execute malicious code in the context of the current process (Threatpost).

Adobe addressed this vulnerability in their October 2021 security update. The fix was released as part of a larger security bulletin that addressed multiple vulnerabilities across various Adobe products. Adobe classified this as a Priority 3 update, meaning administrators can patch at their discretion (Threatpost).

The vulnerability was discovered and reported by researchers from the Trend Micro's Zero-Day Initiative (ZDI). According to ZDI researcher Dustin Childs, most of these vulnerabilities were simple file-parsing bugs that could be exploited due to lack of proper validation of user-supplied data (Threatpost).