CVE-2021-43751: 
Adobe Premiere Pro vulnerability analysis and mitigation

Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) were affected by an out-of-bounds read vulnerability identified as CVE-2021-43751. The vulnerability was discovered and reported to Adobe on September 15, 2021, by Mat Powell of Trend Micro Zero Day Initiative, with public disclosure occurring on December 21, 2021 (ZDI Advisory, Adobe Advisory).

The vulnerability is classified as an out-of-bounds read vulnerability (CWE-125) that occurs during the parsing of MP4 files. The issue stems from inadequate validation of user-supplied data, which can result in a read past the end of an allocated buffer. The vulnerability received a CVSS v3.1 Base Score of 3.3 (Low) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (NVD, ZDI Advisory).

The vulnerability could lead to the disclosure of sensitive memory information. An attacker could potentially leverage this vulnerability to bypass security mitigations such as Address Space Layout Randomization (ASLR) (NVD).

Adobe has released security updates to address this vulnerability. Users should update to versions newer than 22.0 or 15.4.2 of Adobe Premiere Pro (Adobe Advisory).