Adobe Security Bulletin

Last updated on 12 November 2021

Security Updates Available for Adobe Audition | APSB21-92

Bulletin ID	Date Published	Priority
ASPB21-92	October 26, 2021	3

Summary

Adobe has released an update for Adobe Audition for Windows and macOS. This update resolves multiple critical and important arbitrary code execution and application denial-of-service vulnerabilities.             

Affected Versions

Product	Version	Platform
Adobe Audition	14.4  and earlier versions	Windows and macOS

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app’s update mechanism. For more information, please reference this help page.

Product	Version	Platform	Priority Rating	Availability
Adobe Audition	22.0	Windows and macOS	3	Download Center
Adobe Audition	14.4.2	Windows and macOS	3	Download Center

For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. Refer to this help page for more information.

Vulnerability details

Vulnerability Category	Vulnerability Impact	Severity	CVSS base score	CVSS vector	CVE Numbers
Access of Memory Location After End of Buffer (CWE-788)	Arbitrary code execution	Critical	7.8	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	CVE-2021-40734
Access of Memory Location After End of Buffer (CWE-788)	Arbitrary code execution	Critical	7.8	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	CVE-2021-40735
Access of Memory Location After End of Buffer (CWE-788)	Arbitrary code execution	Critical	7.8	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	CVE-2021-40736
NULL Pointer Dereference (CWE-476)	Application denial-of-service	important	5.5	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	CVE-2021-40737
Access of Memory Location After End of Buffer (CWE-788)	Arbitrary code execution	Critical	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	CVE-2021-40738
Access of Memory Location After End of Buffer (CWE-788)	Arbitrary code execution	Critical	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	CVE-2021-40739
Access of Memory Location After End of Buffer (CWE-788)	Arbitrary code execution	Critical	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	CVE-2021-40740
Access of Memory Location After End of Buffer (CWE-788)	Application denial-of-service	important	5.5	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	CVE-2021-40741
NULL Pointer Dereference (CWE-476)	Application denial-of-service	important	5.5	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	CVE-2021-40742

Acknowledgments

Adobe would like to thank hy350, yjdfy and cff_123  of Topsec Alpha Team for reporting these issues and for working with Adobe to help protect our customers.        

(hy350) HY350 of Topsec Alpha Team (CVE-2021-40737; CVE-2021-40742)
(yjdfy) CQY of Topsec Alpha Team (CVE-2021-40734; CVE-2021-40738; CVE-2021-40739; CVE-2021-40740)
(cff_123) CFF of Topsec Alpha Team (CVE-2021-40735; CVE-2021-40736; CVE-2021-40741)

Revisions

October 28, 2021: Added row to solution table for N-1 version.

For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com

Adobe

Get help faster and easier

New user?