CVE-2021-42272: 
NixOS vulnerability analysis and mitigation

Adobe Animate version 21.0.9 and earlier versions were affected by an out-of-bounds write vulnerability identified as CVE-2021-42272. The vulnerability was disclosed on November 18, 2021, and required user interaction through opening a malicious GIF file to be exploited (NVD).

The vulnerability is classified as an out-of-bounds write issue (CWE-787) that could lead to arbitrary code execution in the context of the current user. The severity assessment includes a CVSS v3.0 base score of 7.8 (High) with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and a CVSS v2.0 base score of 9.3 with the vector string (AV:N/AC:M/Au:N/C:C/I:C/A:C) (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The high CVSS scores indicate potential severe impacts on system confidentiality, integrity, and availability (NVD).

Adobe released security patches to address this vulnerability. Users of affected versions of Adobe Animate (21.0.9 and earlier) should update to the latest version as recommended by Adobe (Adobe Advisory).

The vulnerability was discovered and reported through collaboration with security researchers, including those working with Trend Micro's Zero Day Initiative (ZDI). The disclosure was part of a larger Adobe security update that addressed multiple vulnerabilities across various Adobe products (Threatpost).