CVE-2021-42268: 
NixOS vulnerability analysis and mitigation

Adobe Animate version 21.0.9 and earlier versions were found to contain a Null pointer dereference vulnerability (CVE-2021-42268) when parsing specially crafted FLA files. The vulnerability was disclosed on November 18, 2021, affecting Adobe Animate software (NVD Database).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) with a CVSS v3.1 base score of 5.5 (Medium). The attack vector is local (AV:L), requiring low attack complexity (AC:L), with no privileges required (PR:N) but needs user interaction (UI:R). The scope is unchanged (S:U), with no impact on confidentiality (C:N) or integrity (I:N), but high impact on availability (A:H) (NVD Database).

When successfully exploited, this vulnerability could lead to an application denial-of-service in the context of the current user. The exploitation requires user interaction, specifically opening a malicious file (NVD Database).

Adobe has released patches to address this vulnerability. The advisory is listed as priority 3, which is the lowest risk level, meaning that administrators can patch at their discretion (Threatpost Article).

The vulnerability was discovered and reported by researchers from the Topsec Alpha Team. Adobe stated that there was no evidence of the vulnerability being exploited in the wild at the time of disclosure (Threatpost Article).