CVE-2021-44743: 
Adobe Bridge vulnerability analysis and mitigation

Adobe Bridge versions 11.1.2 (and earlier) and 12.0 (and earlier) were affected by an out-of-bounds write vulnerability, identified as CVE-2021-44743. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was publicly disclosed on January 13, 2022. This security flaw affects Adobe Bridge software running on both Windows and macOS operating systems (ZDI Advisory, NVD).

The vulnerability is classified as an out-of-bounds write vulnerability (CWE-787) specifically within the parsing of JPG2000 images. The issue stems from inadequate validation of user-supplied data, which can result in a write operation past the end of an allocated structure. The vulnerability has received a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access requirements but high impact potential (ZDI Advisory, NVD).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. The potential impact includes complete compromise of system confidentiality, integrity, and availability within the scope of the affected user's permissions (NVD, ZDI Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to versions newer than 11.1.2 or 12.0 of Adobe Bridge to mitigate this security risk (Adobe Advisory).