Adobe informed customers on Tuesday that it has patched memory corruption vulnerabilities, including one that allows arbitrary code execution, in several of its products.
All of the security flaws were reported to Adobe by researcher Mat Powell of Trend Micro’s Zero Day Initiative (ZDI). Powell found the vulnerabilities in Character Animation, Premiere Rush, Premiere Pro, and Audition.
The most serious of the vulnerabilities is CVE-2020-9586, a critical stack-based buffer overflow affecting the Windows and macOS versions of Adobe’s Character Animation motion capture animation software. The flaw can allow a remote attacker to execute arbitrary code.
In the Windows and Mac versions of the Adobe Premiere Rush and Premiere Pro video editing solutions, and in the Audition audio recording and editing software Powell discovered out-of-bounds read vulnerabilities that could result in information disclosure. Each product is affected by one security bug.