CVE-2021-40754: 
Adobe After Effects vulnerability analysis and mitigation

Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability identified as CVE-2021-40754. The vulnerability was disclosed in October 2021 and stems from insecure handling of malicious WAV files. This security flaw requires user interaction, specifically opening a specially crafted file, to be exploited (NVD, Adobe Advisory).

The vulnerability is classified as a memory corruption issue, specifically an improper restriction of operations within the bounds of a memory buffer (CWE-119) and access of memory location after end of buffer (CWE-788). It has received a CVSS v3.0 base score of 7.8 (High) with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and a CVSS v2.0 score of 9.3 (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The high severity ratings across both CVSS versions indicate potential comprehensive impacts on system confidentiality, integrity, and availability (NVD).

Adobe has released patches to address this vulnerability. Users are advised to update to the latest version of After Effects through the official Adobe update channels (Adobe Advisory).

The vulnerability was part of a larger security update from Adobe that addressed 92 vulnerabilities across 14 products, with this being one of the critical-severity issues. Security researchers from TopSec Alpha Team and Trend Micro's Zero-Day Initiative were credited for discovering various vulnerabilities in this release (Threatpost).