CVE-2022-23204: 
Adobe Premiere Rush vulnerability analysis and mitigation

Adobe Premiere Rush versions 2.0 and earlier were affected by an out-of-bounds read vulnerability identified as CVE-2022-23204. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was publicly disclosed on February 10, 2022. This security flaw affects Adobe Premiere Rush software running on Microsoft Windows systems (Adobe Advisory).

The vulnerability is classified as an out-of-bounds read (CWE-125) that could potentially expose sensitive memory information. The CVSS v3.1 base score is 5.5 (Medium), with a vector string of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. Under CVSS v2.0, it received a base score of 4.3 (Medium) with a vector string of (AV:N/AC:M/Au:N/C:P/I:N/A:N) (NVD).

The vulnerability could lead to the disclosure of sensitive memory information and potentially allow attackers to bypass security mitigations such as Address Space Layout Randomization (ASLR). This type of vulnerability could expose sensitive data stored in memory to unauthorized access (CVE).

Adobe has released patches to address this vulnerability in their security advisory. Users of Adobe Premiere Rush version 2.0 and earlier are advised to update to the latest version of the software (Adobe Advisory).