Use After Free

CVE-2021-45054

Medium

4.3/10

Summary

Adobe InCopy version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Access Complexity: MEDIUM
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: PARTIAL
Availability Impact: NONE

CWE-416 - Use After Free

Use-after-free (UaF) vulnerability occurs when the application is using a pointer to memory that has been freed. Any attempt to read/write to a buffer after it is de-allocated allows memory corruption, sensitive information exposure, and can potentially lead to arbitrary code execution.

References

Advisory Timeline

Published Jan 13, 2022

Use After Free

CVE-2021-45054

Summary

CWE-416 - Use After Free

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS