CVE-2021-42719
7.8
HIGH
CVSS 3.1
EPSS 3.7%
Description
Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .jpe file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
How to fix CVE-2021-42719
To remediate CVE-2021-42719, upgrade the affected package to a fixed version below.
- —upgrade to 0 or later
Is CVE-2021-42719 being exploited?
Low — EPSS is 3.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |