CVE-2021-44699: 
Adobe Audition vulnerability analysis and mitigation

Adobe Audition versions 14.4 (and earlier) and 22.0 (and earlier) were affected by an out-of-bounds read vulnerability, identified as CVE-2021-44699. The vulnerability was discovered in the MP4 file parsing functionality of Adobe Audition and was publicly disclosed on December 21, 2021 (ZDI Advisory, Adobe Bulletin).

The vulnerability is characterized as an out-of-bounds read issue that occurs during the parsing of MP4 files. The specific flaw stems from inadequate validation of user-supplied data, which can result in a read operation past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.0 score of 3.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), indicating a relatively low severity (ZDI Advisory).

The exploitation of this vulnerability could lead to the disclosure of sensitive information on affected installations of Adobe Audition. The vulnerability requires user interaction, specifically requiring the target to visit a malicious page or open a malicious file. Additionally, attackers could potentially leverage this vulnerability in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (ZDI Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Audition through the official Adobe security bulletin (Adobe Bulletin).

The vulnerability was initially reported to Adobe by Mat Powell of Trend Micro Zero Day Initiative on September 15, 2021, leading to a coordinated public release of the advisory on December 21, 2021 (ZDI Advisory).