CVE-2021-44191: 
Adobe After Effects vulnerability analysis and mitigation

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability identified as CVE-2021-44191. The vulnerability was discovered and disclosed in December 2021, requiring user interaction through opening a malicious file (Adobe Security Bulletin).

The vulnerability is classified as an out-of-bounds read issue (CWE-125) that occurs during MP4 file parsing. It has been assigned a CVSS v3.1 base score of 3.3 (LOW) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N, indicating local access, low attack complexity, no privileges required, and user interaction required (NVD).

If exploited, this vulnerability could lead to disclosure of sensitive memory and potentially allow attackers to bypass security mitigations such as ASLR (Address Space Layout Randomization). The impact is limited to information disclosure with no direct impact on system integrity or availability (Zero Day Initiative).

Adobe has released patches to address this vulnerability in After Effects. Users should update to versions later than 22.0 or 18.4.2 depending on their current version track (Adobe Security Bulletin).