Adobe fixed several memory corruption issues in some of its products

Pierluigi Paganini May 20, 2020

Adobe addressed multiple memory corruption vulnerabilities, including one that allows arbitrary code execution, in several of its products.

Adobe addressed multiple memory corruption vulnerabilities in several of its products, including an arbitrary code execution.

The issues affect Character Animation, Premiere Rush, Premiere Pro, and Audition, they were reported to Adobe by researcher Mat Powell of Trend Micro’s Zero Day Initiative (ZDI).

APSB20-29 Security update available for Adobe Premiere Rush05/19/202005/19/2020
APSB20-28 Security update available for Adobe Audition05/19/202005/19/2020
APSB20-27 Security update available for Adobe Premiere Pro05/19/202005/19/2020
APSB20-25 Security update available for Adobe Character Animator 05/19/202005/19/2020

The most serious flaw, tracked as CVE-2020-9586, is a critical stack-based buffer overflow affecting the Windows and macOS versions of the Adobe’s Character Animation product.

The vulnerability could be exploited by a remote attacker to execute arbitrary code.

“Adobe has released an update for Adobe Character Animator for Windows and macOS. This update resolves a stack-based buffer overflow vulnerability that could lead to remote code execution.” reads the advisory published by Adobe.

Adobe has also addressed updates an out-of-bounds read vulnerability in Adobe Premiere Rush for Windows and macOS that could lead to information disclosure. 

The IT giant has released security updates for Adobe Premiere Pro for Windows and macOS that addressed an out-of-bounds read vulnerability that could lead to information disclosure.

The last issue addressed by Adobe is a stack-based buffer overflow vulnerability in Adobe Character Animator for Windows and macOS that could lead to remote code execution. 

The good news is that Adobe is not aware of attacks in the wild that exploited the above vulnerabilities and assigned them a priority rating of 3 because they are unlikely to ever be exploited.

At the beginning of this month Adobe released security updates to address 36 vulnerabilities in Adobe Acrobat, Reader, and Adobe DNG Software Development Kit.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – memory corruption flaws, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment