CVE-2021-40764: 
Adobe Character Animator vulnerability analysis and mitigation

Adobe Character Animator version 4.4 and earlier versions contain a memory corruption vulnerability when parsing M4A files. The vulnerability was discovered and assigned CVE-2021-40764, with the initial record created on September 8, 2021. This security flaw requires user interaction to be exploited (CVE Mitre).

The vulnerability is classified as a memory corruption issue, specifically related to 'Access of Memory Location After End of Buffer' which can lead to arbitrary code execution. The vulnerability has a CVSS severity rating of 7.8, indicating a high severity level (Threatpost).

If successfully exploited, this vulnerability could potentially result in arbitrary code execution in the context of the current user. The execution would occur with the same privileges as the user running the Adobe Character Animator application (CVE Mitre).

Adobe has released patches to address this vulnerability as part of an out-of-band security update. The fix was included in Adobe's security bulletin APSB21-95, and administrators are advised to apply the update according to their security policies (Adobe Security).

The vulnerability was discovered and reported by CQY of Topsec Alpha Team, along with several other vulnerabilities in Adobe products. This was part of a larger security update from Adobe that addressed 92 vulnerabilities across 14 products (Threatpost).