CVE-2021-44195: 
Adobe After Effects vulnerability analysis and mitigation

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability identified as CVE-2021-44195. The vulnerability was discovered in JPEG file parsing functionality and could potentially lead to disclosure of sensitive memory (NVD).

The vulnerability is classified as an out-of-bounds read (CWE-125) with a CVSS v3.1 base score of 3.3 (LOW). The attack vector is local (AV:L) with low attack complexity (AC:L), requiring no privileges (PR:N) but does need user interaction (UI:R). The scope is unchanged (S:U) with low confidentiality impact (C:L) and no impact on integrity (I:N) or availability (A:N) (ZDI).

If exploited, this vulnerability could lead to the disclosure of sensitive memory information. The vulnerability could potentially be leveraged to bypass security mitigations such as ASLR (Address Space Layout Randomization). However, exploitation requires user interaction, specifically opening a malicious file (NVD).

Adobe has released patches to address this vulnerability. Users should update to versions later than After Effects 22.0 or 18.4.2 to mitigate this security issue (Adobe Security).