CVE-2021-43746: 
Adobe Premiere Rush vulnerability analysis and mitigation

Adobe Premiere Rush versions 1.5.16 and earlier were found to contain an uninitialized pointer vulnerability that could allow remote attackers to disclose sensitive information. The vulnerability, tracked as CVE-2021-43746, was discovered by Mat Powell of Trend Micro Zero Day Initiative and disclosed on December 21, 2021. The vulnerability specifically affects the MP4 file parsing functionality in Adobe Premiere Rush (ZDI Advisory, NVD).

The vulnerability stems from improper initialization of memory prior to accessing it during MP4 file parsing operations. The issue has been assigned CWE-824 (Access of Uninitialized Pointer). According to the CVSS 3.1 scoring, it received a base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating local access, low attack complexity, no privileges required, and user interaction required (NVD).

When successfully exploited, this vulnerability allows attackers to disclose sensitive information from affected installations. The vulnerability could potentially be leveraged in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (ZDI Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Premiere Rush beyond version 1.5.16 (Adobe Advisory).