CVE-2021-44190: 
Adobe After Effects vulnerability analysis and mitigation

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability identified as CVE-2021-44190. This vulnerability was discovered and reported by Mat Powell of Trend Micro Zero Day Initiative (ZDI, Adobe Advisory).

The vulnerability is classified as an out-of-bounds read (CWE-125) that occurs during MP4 file parsing. It has been assigned a CVSS v3.1 base score of 3.3 (Low) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. This indicates a local attack vector requiring user interaction, with potential for low confidentiality impact (NVD).

If successfully exploited, this vulnerability could lead to disclosure of sensitive memory information. The vulnerability could potentially be leveraged to bypass security mitigations such as ASLR (Address Space Layout Randomization) (Adobe Advisory).

Adobe has released updates to address this vulnerability. Users are advised to update to versions after 22.0 for the latest release channel or after 18.4.2 for the earlier release channel (Adobe Advisory).