CVE-2021-40795: 
Adobe Premiere Pro vulnerability analysis and mitigation

Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) were affected by an out-of-bounds read vulnerability identified as CVE-2021-40795. The vulnerability was discovered and reported to Adobe on September 15, 2021, and was publicly disclosed on December 21, 2021. This security flaw affects Adobe Premiere Pro software running on both Windows and macOS operating systems (ZDI Advisory, Adobe Advisory).

The vulnerability is classified as an out-of-bounds read (CWE-125) that occurs during the parsing of 3GP files. The specific flaw exists due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated memory structure. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI Advisory, NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. The impact of successful exploitation includes potential unauthorized code execution with the same privileges as the affected application (Adobe Advisory).

Adobe has released security updates to address this vulnerability. Users should update to versions newer than 22.0 or 15.4.2 of Adobe Premiere Pro to mitigate this security risk (Adobe Advisory).