CVE-2021-42264: 
Adobe Premiere Pro vulnerability analysis and mitigation

Adobe Premiere Pro 15.4.1 and earlier versions were found to contain a Null pointer dereference vulnerability when parsing specially crafted files. The vulnerability, tracked as CVE-2021-42264, was discovered by HY350 of Topsec Alpha Team and disclosed in November 2021. The affected software includes all versions of Adobe Premiere Pro up to version 15.4.1 on both Windows and macOS platforms (NVD, Adobe Advisory).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) issue. It received a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. Under CVSS v2.0, it was assigned a Base Score of 4.3 (Medium) with the vector string (AV:N/AC:M/Au:N/C:N/I:N/A:P) (NVD).

When successfully exploited, this vulnerability could lead to an application denial-of-service condition in the context of the current user. The impact is limited to availability, with no direct effect on confidentiality or integrity of the system (NVD).

Adobe addressed this vulnerability by releasing version 15.4.2 of Premiere Pro. Users are advised to update to this version or later to mitigate the risk (NVD).